Are firewalls expendable?


Jericho  Forum 
looks  to  redefine 
security  schemes. 

BY  ELLEN  MESSMER 

The  firewall’s  fate  is  up  for 
debate. 

For more than a decade, firewalls have stood guard at the perimeter of corporate networks to defend against the Internet’s perils. But a growing number of security managers, united under the banner of the Jericho Forum, want to retire this stalwart because they say it hinders e-commerce.

Countering the forum’s argument, however, is an equally emphatic collection of analysts, corporate security managers and, not surprisingly, firewall vendors.

“The perimeter going away? That’s baloney,” said John Pescatore, a Gartner analyst, alluding to the concept during his presentation at the research firm’s recent IT Security Summit on the future of network security. “We think the

See Perimeter, page 8


Carriers  adding  pizazz 
to  Ethernet  services 

BY JIM DUFFY

BellSouth next year plans to turn up metropolitan Ethernet offerings that support multiple service classes per port to enable more reliable voice and video transmission for business customers.

The company is but one of scores of carriers bulking up their Ethernet portfolios with class-of-service features, and scalable multipoint capabilities for voice and video support (see graphic, page 10). Verizon, for example, recently said it plans to add three service classes to its switched Ethernet services, as well as other enhancements,

See Ethernet, page 10


LINUX IS MATURING OUT OF GEEKY
adolescence,  and  there  is  no  shortage  of 
open  source  tools  —  application  servers, 
databases,  content  management  systems,  CRM 
—  following  right  behind.  We  look  at  the 
expanding  universe  of  open  source  code,  where 
and  how  it  is  being  used,  the  successes,  the  hurdles 
and  what’s  in  store  in  the  years  ahead. 


•  Branching  out 

A  bevy  of  open  source  tools  are  worth  a 
look  today,  and  we're  just  getting 
started.  Page  15. 

•  Real  deal 

Companies  aren't  toying  with  open 
source  tools,  they’re  deploying  them  to 
support  business-critical  functions.  A 
look  at  how  some  organizations  are 
exploiting  the  technology.  Page  18. 

•  Getting  there: 
Migrating  to  open  source 

Those  who  have  made  the  move  share 
advice  on  how  to  prepare  and  the  traps 
to  avoid.  Page  22. 

•  An  open  letter  to  the 
open  source  community 

Page  24. 


•  Face-Off:  Is  BSD  a  better 
open  source  licensing 
model  than  the  GPL? 

Two  industry  insiders  debate  the  pros 
and  cons.  Page  25. 

•  Open  source  vs. 
Windows:  Security  debate  rages. 
Page  25. 

•  Head  of  the  class 

Open  source  visionary  Brian  Behlendorf 
talks  about  where  the  movement  is 
heading  in  the  enterprise.  Page  28. 

•  Risky  business 

Users  weigh  legal,  technical  and  support 
issues  when  considering  open  source. 
Page  30. 
News

6 Covisint drives ahead with ID management service.

6 Business Signatures to promote reputation services.

8 Sun, CA buys boost software offerings.

10 Cisco snaps up security firm.

31 NetScaler boosts app acceleration gear.


■  NetScaler  says  a  software 
upgrade  to  its  switch  can 
speed  WAN  app  traffic  fivefold. 

Opinions 

38  BackSpin:  Open  source  has  to 
‘wear  a  tie.' 

38  'Net  Buzz:  Wisdom  rules  in  9-0 
Supreme  Court  thrashing  of 
Grokster. 


Columnists 

Network World columnists: All our columnists are exclusively online this week, so head onto NetworkWorld.com to see what they're talking about. Scott Bradner looks at major corporations being identified as spyware advertisers; Joel Snyder looks at the importance of data encryption; Linda Musthaler looks at the IT job market facing new grads; and much more. DocFinder: 7833

www.networkworld.com 
• Branching out: A bevy of open source tools are worth a look today, and we’re just getting started. Page 15.

• Real deal: Companies aren’t toying with open source tools, they’re deploying them to support business-critical functions. Here's a look at how some organizations are exploiting the technology. Page 18.

• Getting there: Migrating to open source: Those who have made the move share advice on how to prepare and what traps to avoid. Page 22.

• An open letter to the open source community: Page 24.

• Face-Off: Is BSD a better open source licensing model than the GPL? Two industry insiders debate the pros and cons of BSD vs. GPL. Page 25.

• Open source vs. Windows: Security debate rages. Page 26.

• Head of the class: Open source visionary Brian Behlendorf talks about where the movement is heading in the enterprise. Page 28.
Basic security tools for PC users - 2005 update: Security expert Winn Schwartau offers a checklist of free basic security software everyone needs to run. DocFinder: 7831

Network  World  Radio:  Endpoint 
security  product  testing:  Network 
World  Lab  Alliance  members  Mandy 
Andress  and  Rodney  Thayer  have 
conducted  a  comprehensive  test  of 
the  endpoint  security  products. 
Thayer  joins  us  to  discuss  how  the 
testing  was  conducted  and  share 
some  surprises  they  found  along 
the  way.  DocFinder:  7832 


Forum: Is BSD a better open source licensing model than the GPL? As part of our spotlight on open source this week, executives from Novell and Covalent debate both sides of the issue. Read what they have to say, then add your own thoughts in our forum.

DocFinder:  7834 

Letters to the editor: Every week we receive more letters than we have space to print. Head online to see what readers say about the risk of mobile malware and why mergers are bad for telco customers.

DocFinder:  7835 


Online  help  and  advice 

Nutter's  Help  Desk 

Addressing an odd IP configuration. Help Desk guru Ron Nutter helps a service tech address a client’s odd IP configuration. DocFinder: 7836

Home  LAN  Adventures: 

Know  your  core  competencies. 

Columnist  Sandra  Gittlen  says  small- 
business  owners  need  to  resist  the 
temptation  to  do  it  all  and  need  to 
know  when  to  outsource.  DocFinder: 
7837 


Telework  Beat 

With  telework,  it  pays  to  be  formal. 

Telework columnist Ann Bednarz says businesses are missing out on economic savings with informal telework programs. DocFinder: 7838

Small Business Tech

Sixteen doctors and a shared workspace. Columnist James Gaskin examines how a group of doctors virtually consult and securely share information through an ad hoc conference system and database. DocFinder: 7839

Seminars and events

IT  Strategies  for  Small  to  Midsized  Businesses:  A  Practical  Blueprint 
for  Smart  Growth:  This  new  Technology  Tour  Event  and  Expo  is  packed 
with  the  practical  guidance  you  need  to  create  an  IT  strategy  that  saves 
wasted  expenditures  and  your  sanity.  Invest  six  hours  that  could  put  tens 
of  thousands  of  dollars  back  to  work  elsewhere  in  your  business.  Want  in? 
Qualify  and  you  can  attend  free.  DocFinder:  7840 


BREAKING  NEWS 

Go  online  for  breaking  news  every  day,  DocFinder  6342 

Free  e-mail  newsletters 
• Risky business Users weigh legal, technical and
AMD launches anti-trust suit against Intel

■ Advanced Micro Devices last week filed a wide-ranging anti-trust suit that accused Intel of maintaining its monopoly in the PC processor market by illegally coercing customers into using its products. The suit identifies 38 companies on three continents that were allegedly coerced by Intel, including large-scale computer makers, small system builders, wholesale distributors and retailers, according to a statement from AMD. The 48-page complaint alleges that Intel used illegal subsidies to win sales, and in some cases threatened companies with “severe consequences” for using or selling AMD products. Intel denied the allegations. “We unequivocally disagree with AMD’s claims,” said Paul Otellini, Intel’s president and CEO. “Intel has always respected the laws of the countries in which we operate. We compete aggressively and fairly ... This will not change.”

TheGoodTheBadTheUgly

Spreading security. The Cyber Security Industry Alliance, launched last year by a handful of IT security firms to focus on cybersecurity issues in the U.S., now is looking to expand into Europe and eventually Asia. Executive Director Paul Kurtz, former White House security director, says: "So often the U.S. rides in to 'save the day,’ but we do not want to bring a U.S. solution, we want to bring a harmonized solution," he said.
Court backs FCC on sharing rules

■ Cable companies that offer broadband Internet access do not have to open their high-speed lines to competitors, owing to a U.S. Supreme Court ruling last week that overturned a lower court decision and affirmed how the FCC classifies cable-modem services. Justices voted 6-3 to overturn the 9th U.S. Circuit Court of Appeals ruling in FCC v. Brand X, which is tied to a complicated FCC policy regarding access regulations for telecom carriers and ISPs. The FCC in March 2002 ruled that cable-modem service is an “information” service not subject to the same regulation as telecom services. Incumbent regional telecom carriers, or RBOCs, are required to share parts of their networks with competitors at wholesale prices. The FCC suggested at the time of its cable-modem ruling that less regulation would foster the growth of broadband and therefore the Internet. Telecom carriers predictably hailed last week’s decision, while Brand X said it should be a “wake-up call to Congress on both procedural and policy grounds."

COMPENDIUM

One way to stop Skype

A security specialist who posts under the name Joat notes a story that praises the VoIP tool Skype for its ability to bypass firewalls: “While Skype might be hard to block, it is easy to detect and the author seems to have forgotten the most effective countermeasure for preventing the use of any tool: public executions.” Find out more at www.networkworld.com, DocFinder: 7841.
“Because source code is visible to lots of people, if there is a security issue, it tends to be spotted earlier. The open source community isn’t shy about criticizing bad code.”

Adam  Jollans,  chief  Linux  technologist,  IBM  Software  Group 

See  story,  page  26. 

Gates  urges  caution  on  outsourcing 

■ Companies should not outsource their core business functions and staff, Microsoft Chief Software Architect Bill Gates last week told a group of Japan’s top businessmen in a speech in Tokyo. Gates urged IT companies to beware of outsourcing too much to save costs and to keep their key engineering resources and intellectual property at home. “If you rely too much on people in other companies and countries ... you are outsourcing your brains where you are making all the innovation,” he said. The need to maintain a competitive edge by investing rather than cost cutting was a theme that Gates returned to several times in his address. Too many U.S. companies are cutting their research and development budgets at a time when investment in these areas is needed to cope with an increasingly competitive global market economy, he said.

CA restates results once again

■ Computer Associates last week filed its delayed annual financial report, formalizing another round of financial restatements that the software vendor hopes will let it finally leave behind the shadows of its troubled past few years. CA warned last month that it would need to once again tweak its reported results as it works to mop up the aftermath of an accounting scandal that had the company prematurely booking more than $2 billion in sales. Last week’s filing includes amended results for CA’s fiscal years 2001 through 2005, which ended March 31. The latest reclassifications are small, however: For 2005, CA reduced its revenue by $6 million, to $3.53 billion. Its net income for the year rose by $1 million, to $13 million. In a call with analysts last month to discuss CA’s quarterly results, executives including CEO John Swainson and COO Jeff Clarke said CA felt even minor adjustments were important to make, to demonstrate the new management team’s commitment to accurate accounting.

More college trouble. The University of Connecticut has revealed that a school server containing personal data for 72,000 members of the university community who were assigned UConn e-mail addresses has been breached on at least one occasion. “Results of our examination reveal no indication that any personal information was accessed or extracted," said CIO Michael Kerntke. "We moved immediately to protect the data by taking the impacted server offline."

Bert and Ernie babysit. A new IDC report analyzing the potential for wireless content and video offerings says streaming video of “Sesame Street" characters and other children's material could be a boon for the market as cell phones and other mobile devices become electronic babysitters.

Oracle  posts  healthy  finances 

■ Oracle last week reported a big jump in revenue for its fiscal fourth quarter, driven by its merger with PeopleSoft and strong sales from all product categories. Revenue for the period, which ended May 31, came in at $3.88 billion, up 26% from a year ago. Sales of new applications were particularly strong, growing 52% to $350 million. Net income for the quarter was $1.02 billion, up 3% from a year earlier. Total software revenue increased by 24% from a year ago to $3.1 billion. Of that, new license revenue grew 23% to $1.6 billion and license updates and product support revenue grew 26% to $1.5 billion. Revenue from services grew 35% to $755 million, Oracle says.
Covisint drives ahead with ID mgmt.


Profile: Covisint

Founded: 2000

Founding members: DaimlerChrysler, Ford, GM and Renault-Nissan; sold to Compuware in 2004.

No. of identities managed: 325,000
No. of applications supported: 500

Technology: Homegrown software: RSA ClearTrust (Web access management), Federated Identity Manager.

Vertical  markets  served:  Automotive,  healthcare 


BY  JOHN  FONTANA 

Known for its pioneering integration work in the automotive industry, Covisint now is taking a leadership role in online identity management.

The company, which handles more than 325,000 user identities on its automotive hub, will announce this month it is readying services for the healthcare industry as well.

Covisint, an online data integration hub started by the three major automakers in 2000 and now a division of Compuware, estimates the move could bring the number of user identities on its hub to nearly 1 million by year-end. Extending its services to doctors, nurses and insurance plan members could result in tens of millions more in the years ahead.

The so-called federation service is designed to let companies share user identities to support single sign-on across corporate boundaries. The service will employ user identities as a form of access and security control and offer corporations what Covisint says is a cost-effective alternative to building their own infrastructure and creating one-off systems with each of their partners. Covisint, which executes 1.5 million such transactions per month, couples federation with another service it offers, where companies store and manage identities through Covisint.

“Federation is a little like [electronic data interchange] was in the early 70s when it came out,” says Dave Miller, chief security officer for Covisint. “Originally these were point-to-point connections and what happened is that these value-added networks came up saying, ‘This is unmanageable and what if there was someone in the middle to manage all the connections?’ We are really the same thing for managing federation.”

Handling the exchange of identity information across organizational boundaries can be challenging not just technically, but also from a legal and contractual perspective, especially the need to establish trust among partners. That is why experts believe identity management hubs could prosper.

“Federation can’t occur in totally [one-off] models for large markets, so that is why we think it is likely these hubs will emerge," says Jamie Lewis, president of Burton Group. Hubs have a better chance of succeeding if they are developed by a trusted third party that can build a set of tailored services for specific industries, he adds.

Covisint is following that line.

“Every federation is a different science project,” Miller says. “So we can do it cheaper than you can do it because we have a shared [resource] model.”

Covisint estimates it costs a company about $100 to incorporate each identity into its own system, but that its service today is priced at half that.

Miller says the company plans to extend its services across industries beyond automotive and healthcare, tailoring it for industry-specific needs and to meet federal regulations. He is banking on the lessons Covisint has learned since it built its first proprietary systems and began sharing identities in 2001.

Among those lessons is trust, which Miller says is easier to build through a common third party than individually. Having a third party involved also simplifies identity ownership issues, he says.

“If a company thinks it owns the identity it is going to try and institute rules and policies and in the federation model if one identity can go to multiple places, whose rules do you follow?” Miller asks.

Covisint uses technology from RSA Security to support standards such as the Security Assertion Markup Language and the Liberty Alliance specifications.

Miller says the Service Provisioning Markup Language, which is designed to standardize provisioning users across services, also is key.

“Allowing a user to log in and get to five places is interesting,” he says. “But if you have to administer that user in five places then the problem has not been solved."

Managing identities across organizations is a far cry from where Covisint was five years ago when it started out with a plan to host all of the automakers’ applications.

“We found there was little interest in us hosting the applications, but everybody loved the fact we took over their identities so we decided the future was identity,” Miller says. ■


Start-up  touts  e-comm  mgmt  wares 


BY  ANN  BEDNARZ 

A start-up founded by three ex-Oracle employees is set to unveil e-commerce monitoring and management software for online businesses after four years in stealth mode.

Business Signatures next week plans to introduce its Customer Impact Management software, which is designed to help users manage infrastructure resources, control fraud and optimize marketing efforts. The software correlates system events with customer-facing business processes. For example, it can detect if an unusually high percentage of online payment transactions are failing, alert IT to the issue, and trace the cause back to an infrastructure or network problem.

“It’s hard to understand what your customers are trying to do, right now, and make decisions so you can deliver a more reliable, better experience,” says CEO Peter Relan. “There’s tremendous infrastructure-centric technology for management and system visibility yet there’s very little customer-centric technology.”

Business Signatures aims to fill that gap. Customer Impact Management runs on a server and aggregates data from a variety of internal and external sources, including Web sessions, application logs and SNMP feeds from databases and security devices.

The company’s event-processing technology is key to keeping up with a continuous volume of HTTP-based customer events in real time and limiting the data stored to a manageable 1,000 bytes per session, Relan says.

Compared with traditional Web analysis products that rely on simulated traffic, unwieldy log files or after-the-fact data warehousing methods, Customer Impact Management is much more efficient, the company says. “We can store many more sessions, using much less storage, and actually analyze them in real time because we don’t need a giant data warehouse to store all the session data,” Relan says.

The offering is similar to business activity monitoring (BAM) software from vendors such as Celequest, Metastorm, Oracle and Tibco Software. However, BAM vendors have typically focused on monitoring internal corporate systems, such as whether an ERP application is functioning properly, rather than online activity, says Guy Creese, managing principal at Ballardvale Research.

There also are similarities between what Business Signatures and Web analytics vendors such as WebTrends and WebSideStory do. The difference is that Web analytics software is generally geared more toward reporting visitor trends than taking action, Creese says.

In addition, whereas Web analytics and BAM products typically store transaction information and then do an analysis, Business Signatures’ software characterizes and draws conclusions about user behavior right away. “Business Signatures profiles the behavior and stores the profile, rather than storing the behavior and profiling it later,” Creese says.

Co-founders Relan, Sunil Bhargava and Joyo Wijaya each spent time at Oracle and online grocer Webvan Group before joining forces in 2001 to build the technology. The trio started the company in a cottage Relan owned — thus the name Cotagesoft, which Business Signatures went by in its early years.

Business Signatures’ early customers include ING Direct, H&R Block, Geico and Safeway.com.

ING Direct has been working with Business Signatures since 2001, says Mark Thompson, head of the technology office at the bank, which is located in Wilmington, Del., and does about 80% of its U.S. business online. At the time, ING Direct had the tools to monitor IT systems but was looking for software that could monitor, in real time, the performance of business processes — such as a customer opening a new account — that cross multiple networks and systems.

It’s easy to accumulate data from myriad system monitoring tools, but what’s tough is immediately correlating data and events with a business transaction that’s in progress, Thompson says. “We’re most concerned with whether a business process happened or didn’t happen, whether it’s overnight couriers and U.S. mail showing up at our operations center or a critical feed going to one of our third-party providers,” he says. “From a control standpoint, we want to know immediately if each process was successful or not.”

Business Signatures’ software helps ING Direct detect transaction failures or system slowdowns as they occur and adjust accordingly instead of waiting for after-the-fact performance statistics.

Business Signatures’ Customer Impact Management starts at $100,000. The vendor plans to release versions of its software tailored for fraud prevention and profit maximization. ■
“The firewall is good at keeping out script kiddies and denial-of-service attacks but otherwise it’s really not a good security boundary with the Web and e-mail coming in.”

Paul Simmonds, global information security director, chemicals and paints manufacturer ICI and Jericho Forum member.


Perimeter 

continued  from  page  1 

security perimeter that people put around their servers is even more critical today. The perimeter cannot go away and does not get less important in the future.”

There’s an underlying need that “the network must reward good traffic and neutralize suspicious or unknown traffic,” Pescatore said. And that means “controlling the perimeter is ever more important."

The Jericho Forum — the group’s name refers to the Biblical walls that miraculously came tumbling down at the sound of trumpets — is on a mission to define a new security architecture. The forum calls knocking down the old firewall, as well as border proxies, a “de-perimeterization” process that can be achieved within a matter of years. The mission of its seven dozen members, which include Barclays Bank, Boeing and Eli Lilly, is to make the IT industry aware that it needs a new style of access control and data integrity product that pushes control deep inside intranets.

The Jericho Forum’s quest to remove the traditional perimeter firewall and still maintain security strikes some as an impossible mission.

“There really isn’t an alternative at the moment and I doubt there will be,” says Nigel Fletcher, mobile segment manager at BG Group, a 6,000-employee oil and gas company in the U.K. that has offices and exploration outposts around the world. “A massive leap of faith would be required for this to happen.”

The  firewall  debate 

Firewalls  have  their  pros 
and  cons. 

Pros

Provide  a  clear  definition  of  the 
corporate  network  border. 

Defend  against  denial-of-service 
attacks,  other  threats. 

Clear  alternatives  to  a  perimeter 
defense  don't  exist. 

Cons

As  voice  and  data  networks  converge, 
the  firewall  is  an  obstacle. 

Using  firewalls  runs  counter  to  the 
idea  of  moving  security  controls  to 
internal  end  systems  or  applications. 

Hardened  perimeter  strategy  is  at 
odds  with  business-to-business  needs 
and  outsourcing. 


Check  Fbint  Software,  the  fire¬ 
wall  market  leader,  scoffs  at  the 
idea  of  ditching  the  firewall. 

“First  of  all,  we  use  the  term 
‘perimeter  security  gateway?  ”  says 
Andy  Singer,  Check  Point’s  direc¬ 
tor  of  market  intelligence.  “A  fire¬ 
wall  is  a  feature  for  opening  and 
closing  ports.  There  are  all  these 
things  you  can  add  to  the  gate¬ 
way  such  as  VPNs,  or  intrusion 
prevention.” 

Singer  applauds  the  forum’s 
effort  to  “get  people  from  all  over 
the  world  talking  about  how  secu¬ 
rity  might  be  in  10  to  20  years  — 
that  doesn’t  typically  happen.”  But 
he  says  their  ideas  don’t  make 
sense. 

The  perimeter  as  a  security  con¬ 
cept  “will  not  go  away?’ Singer  says. 
He  notes  that  firewalling  has 
grown  beyond  network-level  prod¬ 
ucts  to  include  application-layer 
protection  that  can  inspect  HTTP- 
based  traffic  through  Part  80. 

Although  the  forum  says  the 
growth  of  VoIP  traffic  complicates 
the  situation  for  firewall  use  even 
further,  Singer  dismisses  such 
concerns  as  unwarranted.  He 
urges  the  forum  to  take  a  closer 
look  and  give  perimeter  gateways 
a  chance. 

Some  security  managers 
acknowledge  they  simply  can’t 
envision  life  without  the  perime¬ 
ter  firewall. 

“We  see  this  as  a  baseline,”  says 
Geoff  Aranoff,  chief  information 
security  officer  at  semiconductor 
manufacturer  Broadcom  in 
Irvine,  Calif.,  adding  that  he  didn’t 
see  an  alternative  to  having  a  fire¬ 
wall  at  the  Internet’s  edge. 
Although  enabling  business  part¬ 
ners  to  gain  internal  access  to 
Broadcom’s  network  through  fire¬ 
walls  requires  a  lot  of  extra  work, 
it  isn’t  an  impossible  obstacle  to 
overcome,  he  says. 

But  the  difficulty  in  enabling  col¬ 
laborative  e-commerce  through 
firewalls,  plus  a  growing  lack  of 
trust  in  firewall  strength,  help 
explain  why  the  forum  wants  to 
see  at  least  one  or  two  walls  come 
down. 

“The firewall is good at keeping out script kiddies and
denial-of-service attacks, but otherwise it’s really not a good
security boundary with the Web and e-mail coming in,” says Paul
Simmonds, global information security director at chemicals and
paints manufacturer ICI in the U.K., which is a Jericho Forum member.

At  the  same  time,  the  firewall 
gateway  is  a  hindrance  for  direct 
and  cost-effective  server-to-server 
e-commerce,  he  says. 

Nevertheless,  any  attempt  at  giv¬ 
ing  up  the  firewall-based  DMZ 
would  be  “corporate  suicide,” 
Simmonds  says.  He  suggests  that 
a  sudden  “big  bang”  of  firewalls 
coming  to  an  end  is  not  likely  to 
occur,  though  some  forum  mem¬ 
bers,  including  BP-Amoco,  have 
managed  to  displace  a  few  fire¬ 
walls  in  their  global  operations. 

One step the Jericho Forum is taking to move things forward is
running a contest in which participants are asked to submit
detailed security architecture for database authentication and
Web-portal access over the Internet based on the idea of
de-perimeterization.

The single document describing the de-perimeterization concept,
titled “Visioning White Paper,” was published in February. It can be
found on the Web site of the Open Group, a consortium that promotes
open standards and hosts the forum (see www.networkworld.com,
DocFinder: 7846).

About two dozen submissions for a proposed de-perimeterization
architecture have been received, Simmonds says. Winners are
scheduled to be announced at the Black Hat Conference in Las Vegas
this month.

The  contest,  with  a  $1,000  prize, 
is  being  underwritten  by  vulnera¬ 
bility-assessment  services  provider 
Qualys,  one  of  the  few  vendors 
belonging  to  the  forum. 

The forum, which wants to remain an end-user advocacy organization,
last February opened its doors to vendors, as well. The first large
vendor to sign on has been IBM, Simmonds says. Vendors, however,
can’t vote on workgroup output or sit on the management board.

Qualys  CTO  and  Vice  President 
of  Engineering  Gerhard 
Eschelbeck  says  the  forum’s  ideas 
need  to  be  heard  because  the 
perimeter  is,  in  fact,  already  gone. 

“The perimeter protection model has already disappeared, with
nearly any protocol being tunneled via a single open port,”
Eschelbeck says. “Firewalls today act mostly as static enforcement
points at the perimeter. The industry needs to move security
enforcement into the core of the network, and develop a single
architecture where systems are dynamically admitted to the network
at individual enforcement points.”

He adds: “This includes the ability to dynamically control network
access based on application, credentials of the user, security
exposure and health of the individual endpoint systems.”

Easier  said  than  done,  perhaps. 

“Ultimately  we  are  a  bunch  of 
corporates  who  are  consumers 
of  vendor  solutions,”  Simmonds 
says.  “This  may  be  five  years 
down  the  line, but  we  need  these 
products.”  ■ 


Sun,  CA  buys  expand  offerings 


BY  CHINA  MARTENS  AND  ELLEN  MESSMER 

Sun  last  week  said  it  is  buying  SeeBeyond 
Technology  for  $387  million  in  cash  in  a  move  to 
boost  its  presence  in  the  business  integration  soft¬ 
ware  arena.  Sun  officials  say  the  company  is  likely  to 
buy  more  firms  in  this  market. 

Sun  has  been  placing  a  lot  of  emphasis  on  the  ser¬ 
vice-oriented  architecture  (SOA)  development 
model  and  hopes  its  acquisition  of  SeeBeyond  will 
fill  out  its  portfolio  of  products  for  developing, 
deploying  and  managing  SOAs  and  other  enterprise 
applications,  according  to  company  executives. 

Sun  Chairman  and  CEO  Scott  McNealy  said  his 
company  had  been  looking  around  for  a  suitable 
acquisition  to  allow  Sun  to  “go  for  the  $5  billion  enter¬ 
prise  application”  market  space. 

“It’ll be a $2 billion market going forward,” says Sun
President and COO Jonathan Schwartz. “We plan on
taking half of it.”

Sun is likely to make other middleware acquisitions. “We’re
certainly still quite flush with cash” to make further purchases,
McNealy said. “Stay tuned as we continue to redefine this” strategy.

SeeBeyond’s Integrated Composite Application Network software suite
runs natively on Java 2 Platform Enterprise Edition (J2EE). The
software will become the sixth piece of Sun’s Java Enterprise
System and will be known as the Sun Java System Integration Suite,
according to McNealy.

Separately, Computer Associates announced it has acquired Tiny
Software, a Santa Clara, Calif., maker of Windows-based desktop and
server firewall products, for an undisclosed amount. Sam Curry, CA’s
vice president of eTrust Security Management, says CA acquired Tiny
primarily for its firewall software development kit to fill a gap
in CA’s own product line.

It’s expected that the Tiny firewall technology will
be added to desktop products that also combine
CA’s anti-virus and anti-spyware software (acquired
last year from PestPatrol).

In addition, CA will continue to support and market the Tiny
Personal and Tiny Server firewalls directly to consumers and
business. There currently are an estimated 2 million customers.

Tiny  Software  earlier  this  year  announced  its  2005 
line  of  firewalls,  detailing  varying  types  of  spyware- 
related  protection,  such  as  preventing  code  injec¬ 
tion.  More  recently  it  released  Tiny  Firewall  64,  an 
offering  for  64-bit  Windows  operating  systems. 

Martens  is  a  correspondent  with  the  IDG  News 
Service. 
Ethernet

continued  from  page  1 

Carriers  have  good  reason  to  do 
this:  Ethernet  service  revenue,  cur¬ 
rently  at  $6  billion,  is  expected  to 
hit  $20  billion  or  better  by  2008, 
according  to  research  firms  IDC 
and  Infonetics. 

BellSouth will ante up in the first half of 2006 with its Virtual
Ethernet Service (VES), an MPLS-enabled offering that will support
four classes of service assigned on a per-virtual LAN (VLAN) basis.
The  four  service  classes  will  be 
similar  to  what  BellSouth  now 
offers  customers  of  its  MPLS- 
based  RFC  2547  Layer  3  VPN  ser¬ 
vice:  real  time  for  voice,  interac¬ 
tive  for  video,  business  critical  and 
best  effort. 

“With VES, the concept is to take your traditional Ethernet private
line or switched Ethernet service — which is really a port-based
service where you have one class per port — and virtualize the port
into a class-per-VLAN model,” says Suzy Gray, BellSouth director of
emerging data transport.

Analysts  say  virtualizing  the 
Ethernet  port  could  enable  differ¬ 
ent  types  of  service  —  such  as 
frame  relay  —  to  be  terminated 
on  Ethernet,  facilitating  the  migra¬ 
tion  from  a  legacy  data  service  to 
a  new  one. 

“That’s an example of the kind of thing that these virtualized
connections provide,” says Thomas Nolle, president of consultancy
CIMI. “You try to make a series of remote sites appear as though
they are on an Ethernet LAN even though those sites are connected
via some other type of service.”

VES  will  be  the  basis  of  a  Layer  2 
metropolitan  Ethernet  service 
and  an  access  option  to  the  Layer 
3  VPN  service  connecting  metro¬ 
politan  areas  within  BellSouth’s 
nine-state  region,  Gray  says.  As  an 
access  option,  VES  will  support 
multiple  service  classes  per  VLAN. 

Users  are  anxious  to  try  VES. 

“We use [BellSouth’s] existing Metro Ethernet solution to connect
to remote workgroups” in clinics and primary care facilities, says
Dave Dully, director of technology at Baptist Health in
Jacksonville, Fla. VES “would offer more flexibility in
prioritizing the service for clinical applications and voice.”

* The story “Whale faces challenges” (June 27, page 22) should
not have described the financial picture of Whale Communications
as sipping.

“We’ve  got  places  right  now 
where  we  can’t  put  out  VoIP 
because  we  can’t  get  the  QoS  we 
need,”  says  Mick  Gunter,  IT  direc¬ 
tor  at  Blue  Rhino,  a  propane  tank 
exchange  company  in  Winston- 
Salem,  N.C.  “I’ve  been  talking  to 
BellSouth  for  probably  two  years- 
plus  so  it’s  exciting  that  the  prod¬ 
ucts  are  starting  to  actually  come 
out  on  the  marketplace.” 

Though  VES  will  be  MPLS- 
enabled,  Gray  stopped  short  of 
saying  it  will  be  based  on  Virtual 
Private  LAN  Services  (VPLS),  an 
increasingly  popular  IETF  propos¬ 
al  for  MPLS-based  Layer  2  multi¬ 
point  Ethernet  services.  BellSouth 
views  VPLS  as  more  beneficial 
between  metropolitan  areas 
rather  than  within  them. 

“I would say that VES is more VPLS-like in the context of having
the ability to do multipoint capability,” Gray says. “However,
something that’s very specific to VPLS is inter-domain
connectivity. What we’re looking right now at VES is still
metro-Ethernet specific.”

For inter-metropolitan connectivity, BellSouth will encourage
metropolitan Ethernet users to employ VES as an access method
for its Layer 3 VPN offering while it continues to evaluate VPLS,
Gray says.

BellSouth was considering VPLS and Ethernet Relay as foundation
technologies for VES and as a way to “granularize” higher-speed
(10M bit/sec and above) Ethernet services, says Mark Kaish,
BellSouth vice president of next-generation solutions. BellSouth
also plans to offer a sub-10M bit/sec symmetric, QoS-capable
service for corporate networks next year.

Ethernet Relay is a frame relay-like feature of Cisco 7600 series
routers — which anchor BellSouth’s metropolitan Ethernet service —
that lets a service provider multiplex multiple point-to-point and
multipoint connections from one or several subscribers onto a
single Ethernet port. However, Gray intimated that Ethernet Relay
is not the answer for VES.

“Ethernet  Relay  is  kind  of  a  ven¬ 
dor-coined  term  that  implies  a 
connection-oriented  approach 
where  you  literally  have  a  point- 
to-point  service,”  she  says. 

BellSouth  has  not  yet  estab¬ 
lished  pricing  or  per  class-of-ser- 
vice  service-level  agreement  met¬ 
rics  for  VES.  Generally,  Ethernet 
services  cost  about  $900  to  $1,000 
per  month  for  10M  bit/sec 
throughput  and  $5,000  per  month 
for  100M  bit/sec. 

Pricing  VES  will  be  one  of 
BellSouth’s  challenges,  Nolle  says. 

“The users have no interest in VPNs except insofar as they save
money,” he says. “The offering is going to have to be something
between a 25% and a 35% cost reduction vs. the prior service, or
the guy’s not interested because the buyer perceives the conversion
as a risk.” ■


Cisco  snaps  up 
security  firm 

BY  PETER  SAYER 

Cisco  last  week  said  it  has  agreed  to  pay  $30  million  for  a  year-old 
start-up  called  NetSift,  which  develops  deep-packet  processing  technol¬ 
ogy  that  can  be  used  for  detecting  network  attacks  as  they  happen. 

The privately held company was founded in June 2004 and employs
15 people. The acquisition will let Cisco add new packet processing
capabilities to its future software platforms, such as modular
switching, Cisco says. The company could use NetSift’s technology
to stop malicious software from crossing networks built using its
hardware.

In  March,  NetSift  ran  a  recruitment  advertisement  looking  for  security 
engineers  capable  of  identifying  holes  in  Windows  and  translating  the 
code  to  exploit  the  holes  into  “NetSift  vulnerability  signatures.”  It  is 
developing  a  way  to  detect  and  quickly  stop  large-scale  worm  and 
denial-of-service  attacks  by  examining  traffic  at  high  speed  using  pro¬ 
prietary  hardware,  it  said  in  the  advertisement. 

Sumeet  Singh,  a  former  doctorate  student  in  the  Systems  and  Net¬ 
working  group  at  the  University  of  California,  San  Diego,  is  the  compa¬ 
ny’s  co-founder  and  chief  scientist,  according  to  his  home  page  on  the 
university’s  Web  site.  Singh  has  published  papers  on  a  variety  of  network 
security  and  intrusion-detection  topics,  including  automated  worm  fin¬ 
gerprinting. 

Cisco  says  it  will  incorporate 
NetSift  into  its  Internet  Systems 
Business  Unit. 

Cisco  has  been  on  something 
of  a  buying  binge,  with  NetSift 
being  its  seventh  announced  deal 
this  year. The  last  two,  FineGround 
Networks  and  M.I.  Secure,  also 
offer  security  products. 

Sayer is a correspondent with
the IDG News Service.
Endpoint security test

While  most  endpoint  policy  enforcement 
products  we  tested  cover  the  basics, 
they  aren't  yet  core  components  of  a 
company’s  security  infrastructure. 
Opening up to open source


If  you’re  not  testing  open  source  software,  or  at  least  figur¬ 
ing  out  where  it  could  fit  in  your  data  center,  it’s  time  to 
start  looking.  As  the  Linux  operating  system  matures  out 
of  its  geeky  adolescence,  there  is  no  shortage  of  open  source 
tools  —  application  servers,  databases,  content  management 
systems,  CRM  —  riding  its  coattails. 

Not  that  you  should  be  rushing  to  throw  out  systems  to 
bring  in  free  software,  but  you  should  be  taking  a  hard  look 
at  where  open  source  can  work  in  your  data  center. 

In our Open Source special section, we aim to provide a good
foundation on which you can build an open source strategy. Our
collection of stories considers all sides of the issue: where and
how open source is being used; what successes IT managers are
finding; what hurdles they’re facing; and what’s in store in the
years ahead.

It’s clear that open source software is making inroads, but the
transition is slow. Gartner says by 2010 open source products will
account for no more than 10% of the overall software portfolio in
Global 2000 companies. The research firm also predicts that
“despite the inherent challenges ... the majority of mainstream IT
organizations will successfully adopt formal open source management
strategies as core IT disciplines.”

Which  is  to  say  that  while  open  source  might  not  be  the 
software  of  choice  all  the  time,  it  will  be  deployed  often 
enough  to  warrant  special  management  attention. 

In our lead story, we talk about this growing interest in open
source software as enterprise users comfortable with Linux
begin moving up the stack. In “Getting There: Migrating to
Open Source,” page 22, we offer a laundry list of good advice.

In “Real Deal,” page 18, we look at a handful of companies
that have had success with open source tools, including a
healthcare facility that had enough faith to deploy an emergency
medical records system based on open source.

Not  that  open  source  software  is  without  pitfalls.  In  “Risk,” 
page  30,  we  talk  about  the  downsides  of  open  source,  includ¬ 
ing  legal  vulnerabilities,  support  issues  and  performance 
questions.  Our  piece  on  security  outlines  the  controversy 
over  whether  open  source  is  more  secure  than  closed  source 
alternatives. 

Open source might not be poised to kill off proprietary
applications, but it is positioned to raise the caliber of
enterprise software. One IT executive put it, “Open source should
be one arrow in the quiver, basically, and an important one.”

— Jennifer Mears
Senior editor
jmears@nww.com


Shameful  engineering 

Regarding Mark Gibbs’ BackSpin column, “Shameful engineering”
(www.networkworld.com, DocFinder: 7823): I agree completely with
Gibbs. Unfortunately, the lack of error-checking, user-friendly
messages and conceptual issues he describes with this piece of
software are the norm in most of today’s retail software packages.
I lay a large portion of the blame for this on the trend over the
last 10 years where people with no formal education in software
engineering can use any of a myriad software development platforms
to create and market bad code. Moreover, object-oriented
programming can exacerbate the problem when objects containing
logic flaws are used by trusting developers all over the world.
Personally, I wouldn’t trust any object where I can’t see the
source code.

I sat through a seminar a few years back where a panel of experts
suggested companies could fill their software development needs by
picking talented people from their organization and sending them
through a six-week Web site development course. It’s this lack of
understanding with regard to just how complex quality software
engineering is that’s behind today’s abysmal state of software
quality. While it’s obvious to most lay people why you need trained
engineers to design cars and buildings, it escapes most people why
quality software design requires just as much (if not more) skill
and effort. To be an excellent software designer/developer, you
must have the skills and mind-set of a watchmaker, mathematician,
psychologist, architect, attorney and statistician all rolled into
one. Yet instead of cultivating and valuing those among us with
these abilities, shortsighted senior executives at too many
companies are firing them and shipping their jobs overseas.

As someone with an engineering degree in computer science, I shake
my head in disbelief and resignation each time I see a piece of
software from a major vendor fail because of a simple boundary
error condition such as the one Gibbs describes. Any first-year
computer science student is taught that boundary error conditions
are the most common source of bugs, yet untrained or lazy software
developers continually make the dumb assumption that “surely no one
will ever try doing that!”

David  Reid 
CIO 

The  Krystal  Company 
Chattanooga, Tenn. 

As I was reading Mark Gibbs’ column on Apple’s failure to properly
design and/or document its picture cataloging software, I thought,
“On the Windows side, we have installation scripts that don’t work,
antivirus software that doesn’t update correctly, software that
won’t install properly unless you turn the antivirus off or give
the user administrator privileges, and so on. Why should Apple be
any different?”

Bob  Havey 
Springfield,  Va. 

Juniper's  future 

Regarding “Peeking into Juniper’s future” (DocFinder: 7824): The
problem is that Juniper lacks a product portfolio that can
seriously compete with Cisco’s. For example, the M10i competes with
Cisco’s 7200 platform, but the only Juniper product that matches up
with Cisco’s 7600 is the M320, which is double or triple the price
of the 7600. Juniper needs a router that can handle 10 Gigabit
Ethernet with a smaller form factor than its carrier-class boxes.

Clarke  Morledge 
Network  engineer 
College  of  William  and  Mary 
Williamsburg, Va. 

E-mail letters to jdix@nww.com or send them to John Dix, editor in
chief, Network World, 118 Turnpike Road, Southborough, MA 01772.
Please include phone number and address for verification.
BRANCHING OUT:

Comfortable with Linux,
organizations look for
new open source tools
Tale of the tape: Encrypt data now


Data should be encrypted in transit. All you need to remember is
those six words. When your company ships a pile of back-up tapes
from Point A to Point B, that’s “in transit.” The data on those
tapes should be encrypted. Period. End of discussion.

Let me put it another way. People connect to your network over the
Internet via some kind of VPN that uses encryption, right? You
wouldn’t think of shutting down your IPSec or SSL VPN and going
back to unencrypted Point-to-Point Tunneling Protocol, would you?
“Of course not,” you say. Well, that’s data in transit, and it’s
encrypted. Not because you think that anyone is necessarily trying
to listen in. But just in case.

It’s the same way with back-up tapes that you plan to ship
somewhere. You can probably send tapes out every day, even twice a
day, for years and never lose a set. But as good as FedEx may be,
chances are it’s going to lose a package sooner or later. So just
in case, the data should be encrypted. It’s inexpensive — there’s
no excuse for not encrypting. By network standards, tape drives are
dog slow. Your average $300 home firewall will encrypt at 70M to
80M bit/sec — nearly twice as fast as your typical digital linear
tape drive. And that dual-CPU, 3.2-GHz server you’re using to run
the tape drives can do it without breaking a sweat.

What bothers me about this issue are the amazingly long rivers of
text written by people who don’t understand why operations managers
who don’t encrypt data in transit should be fired. This is not a
complex issue; it’s a simple one. I feel like Ernest Hemingway
here. Encrypt your data.

Of course, I know why the tapes aren’t encrypted. It’s that status
quo thing I wrote about in my last column (see
www.networkworld.com, DocFinder: 7825). Operations managers have
been directing backups for 10, maybe 20 years. Back then, we never
thought about the security of data on tapes, and many operations
managers have never revisited the issue. The security team probably
never thought to call up the operations team and ask about this
topic.

But when the first lost back-up tape story hit the news months ago
(DocFinder: 7826), it should have shocked every operations manager
in the world into saying, “I need to start encrypting data
tomorrow.” Those who aren’t encrypting their back-up tapes today
should be fired tomorrow. There’s no excuse for not doing this,
other than incompetence.

Once we get these negligent operations managers out of the way, we
can start in on the IT people who are passing out corporate laptops
without encrypted hard drives and Web designers who aren’t using
SSL encryption on every page. And a hint to the security team: If
you’re not reaching into every corner of your company and asking
these questions, your services could be “no longer required”
shortly.

Snyder, a Network World Test Alliance partner, is
a senior partner at Opus One in Tucson, Ariz. He
can be reached at Joel.Snyder@opus1.com.
Get used to competing for jobs


As high school and college graduation announcements of friends and
relatives hit my mailbox this summer, I think about these young
people entering their college studies or careers. I take a
particular interest in those entering the IT field, as I did myself
more than two decades ago, and feel ever so grateful I’m not in
their position. Many will find out the hard way that both the
current job market and the long-term outlook for IT careers in the
U.S. are shakier than ever.

Granted, we are a couple of years past the tech career crash of
2001, when hundreds of thousands of IT professionals lost their
jobs. While selective hiring has begun to grow again, the overall
IT market has shrunk considerably since the start of the
millennium. For instance, the Economic Policy Institute reports
that 16% of jobs in the U.S. software industry disappeared between
March 2001 and March 2004.

The majority of the jobs haven’t so much disappeared as moved
overseas to places such as India, China and Malaysia. And it’s no
wonder the jobs are migrating. IEEE-USA says the median income of a
U.S. software engineer was about $100,000 in 2003. In India, that
job pays about $11,400 to a senior-level software engineer,
according to Payscale. That’s a big difference for companies
desperately trying to stretch their software development budgets.

Carly Fiorina, former CEO of HP, caused quite a controversy when
she said about the movement of jobs overseas, “There is no job that
is America’s God-given right anymore. We have to compete for jobs.”
Maybe Fiorina was a bit brash in her way of saying it, but
Americans could use the wake-up call she was sending us: We have to
compete for jobs. And I might add that we have to be willing to
work as hard as or harder than those we compete against.

The Associated Press recently ran a story about computer jobs
losing their luster. It cited a recent Stanford graduate with a
major in computer science and a minor in economics. When he started
college in 2001, his goal was to become a code writer for a
technology company. Instead, he has taken a job with The Boston
Consulting Group because “a consulting job injects you into
companies at a higher level,” he says. “You don’t feel like you’re
doing basic stuff.”

Excuse me? This kid is 22 years old! How does he think he’ll be a
good consultant without ever having done “the basic stuff”? You
can’t go from college student to sage consultant overnight. While I
don’t blame him for wanting to earn good money, I do question his
unwillingness to learn the fundamentals of business before trying
to jump in at a “higher level.” Whatever happened to starting at
the bottom and working your way up?


By contrast, a recent article in IndiaTimes highlights the focus
Indian students have toward their technical careers. For example,
Anil is a high school senior intent on entering the India Institute
of Technology, and he’s leaving nothing to chance. “I started
coaching for IIT the moment my [10th grade] exams got over,” he
says. He has correspondence notes from one of the top tutorials in
the city and goes for classes with three professors for different
subjects. “I want to get into [electrical and electronic
engineering] or computer science in IIT. I won’t settle for less.
And once I finish, I’ll have all Fortune 100 companies beating a
path to my doorstep,” he says.

In  a  country  with  a  population  of  more  than  1 
billion,  it’s  understandable  why  Indian  students 
are  intent  on  preparing  for  success  in  the  busi¬ 
ness  world.  American  students,  I  fear,  don’t  feel 
that  same  sense  of  urgency.  One  can  argue,  too, 
that  it’s  impossible  to  compete  against  the  eco¬ 
nomics  that  reward  a  company  for  sending  jobs 
overseas. 

So to the new graduates and especially those with an eye on a
career in IT, I say: Roll up your sleeves and work hard, don’t take
your job for granted, and develop skills and knowledge that will
protect your career. And good luck — you’ll need it!

Musthaler is vice president of Currid &
Company, a technology assessment firm in
Houston. She can be reached at
linda@currid.com.
Comfortable with Linux, organizations
look  for  new  opportunities  to  employ 
open  source  tools. 

BY  JENNIFER  MEARS  AND  ANN  BEDNARZ 

THE OPEN SOURCE SUPPORT center at Fidelity Investments is humming.
The organization, formed two years ago within the Fidelity Center
for Applied Technology, is responsible for determining where — and
how — open source software fits in the financial services giant’s
broad IT infrastructure.

Fidelity  has  been  using  Linux  for  years,  so  long 
that  Charlie  Brenner,  senior  vice  president  of  FCAT 
in  Boston,  says  the  operating  system  is  “part  of  the 
DNA  here.”  What’s  of  interest  now,  he  says,  is  moving 
up  the  stack.  “We  would  love  to  run  fewer  propri¬ 
etary”  applications. 

The  appeal  of  innovative,  broadly  tested,  commu¬ 
nity-supported,  low-cost  software  that  provides  the 
added  incentive  of  sidestepping  vendor  lock-in  is 
enticing  more  companies  to  take  a  look  at  what’s 
available  beyond  Linux. 

Open  source  tools  such  as  Linux  and  the  Apache 
Web  server  are  considered  the  old  guard, used  in  var¬ 
ious  ways  in  most  enterprise  data  centers.  But 
momentum  is  building  around  infrastructure  appli¬ 
cations  such  as  the  JBoss  application  server,  data¬ 
bases  such  as  MySQL  and  PostgreSQL,  and  security 
tools  such  as  OpenSSL  and  Snort.  Content  manage¬ 
ment  and  collaboration  tools  also  are  getting  a  sec¬ 
ond  look.  CRM  and  ERP  are  emerging  as  open 
source  alternatives,  as  is  code  for  IP  PBXs  and  other 
network  gear. 

Analysts  say  a  growing  number  of  enterprise  users 
are  turning  to  maturing  open  source  tools.  Gartner 
predicts  that  by  2008  open  source  software  will  com¬ 
pete  with  proprietary  products  in  all  software  mar¬ 
kets.  By  2010,  the  Global  2000  will  consider  open 
source  for  80%  of  their  infrastructure  investments 
and  for  a  quarter  of  their  business  software  needs.  It’s 
a  dramatic  change  considering  that  last  year  open 


source  was  considered  in  fewer  than  5%  of  business 
application  decisions. 

“The barriers [to open source] are falling away,”
says  Mark  Driver,  a  vice  president  and  research  ana¬ 
lyst  at  Gartner. “Companies  who  would  not  have  con¬ 
sidered  open  source  software  in  the  past  because 
they  were  worried  about  nightmare  scenarios,  now 
are  saying, ‘If  we  were  successful  with  Linux,  maybe 
we  can  be  successful  with  databases,  with  content 
management.’” 

Client  requests  for  information  regarding  open 
source  are  “coming  out  of  the  woodwork,”  Driver 
says.  Gartner  will  hold  its  first  open  source-focused 
conference  in  December. 


Why  now? 

As  companies  become  more  comfortable  with 
Linux,  they  are  more  receptive  to  bringing  in  a  wider 
variety  of  open  source  tools  —  all  part  of  an  indus¬ 
try  move  toward  open  standards. 

“It’s  a  general  trend  in  the  industry  towards  having 
more choice, to not being locked in to any one proprietary
vendor,” says Adam Jollans, chief Linux technologist
for IBM’s software group. IBM in May gave a
nod  to  the  growing  interest  in  open  source  applica¬ 
tions  by  buying  Gluecode  Software,  a  company  that 
provides  software  and  support  for  the  Apache 
Geronimo  application  server  that  competes  with 
IBM’s  WebSphere  at  the  low-end. 

“Part of it is customers have had experience with
Linux and have found that the operating system is
great,” Jollans says. “They like it a lot, they like what it’s
providing  in  terms  of  choice  and  they  want  that  kind 
of  flexibility  in  other  areas.” 

A  recent  Forrester  survey  of  128  IT  decision  makers 
found  that  nearly  three-quarters  are  using  open 
source  or  Linux  now  or  plan  to  in  the  next  12  months. 
Not surprisingly, the majority of those are using Linux
or  the  Apache  Web  server,  but  tools  such  as  MySQL, 
JBoss  and  the  Struts  application  development  frame¬ 
work  are  included  on  the  list  of  tools  in  use. 

“You’re  going  to  hear  a  lot  more  about  open  source 
solutions  higher  up  the  stack  and  a  lot  less  about 
Linux only,” predicts Efrain Rovira, worldwide director
of marketing for HP’s Linux organization, which
earlier  this  year  was  renamed  the  Open  Source  and 
Linux  organization  to  reflect  HP’s  expanded  focus. 

“We’re  moving  from  a  phase  where  it  was  about 
Linux  and  Apache  on  the  edge  to  a  phase  where  it’s 
[infrastructure  software]:  JBoss,  Geronimo,  MySQL, 
PostgreSQL, Ingres. The next phase is when open
source  moves  even  higher  up  the  stack  to  ERP  and 
CRM,”  Rovira  says. 

Charles  Hausmann,  CTO  and  co-founder  of 
VaultLogix,  an  Ipswich,  Mass.,  provider  of  offsite  data 
backup  services,  has  already  made  that  move. 

VaultLogix  deployed  SugarCRM’s  software  last 
summer  and  today  runs  the  newly  available  Sugar 
Professional  3.0,  which  adds  document  manage¬ 
ment,  project  management  and  help  desk  features  to 
the  suite’s  core  sales  and  marketing  capabilities. 

One  advantage  of  an  open  source  CRM  package  is 
being  able  to  try  before  buying.  “We  downloaded, 
installed  and  started  using  it  for  a  few  months  before 
we bought it,” Hausmann says. “It was exactly what
we  needed.  It  wasn’t  overkill  and  the  sales  guys 
weren’t  afraid  to  use  it.” 

Hausmann  has  been  using  open  source  products 
for  more  than  a  decade  and  has  watched  the  indus¬ 
try  mature.  “Now  you  can  get  support  for  MySQL 
and  PostgreSQL  —  which  are  very  stable,  very  good 
alternatives to Oracle or DB2. With that kind of stability
available for the corporate market, it’s leading
the way for people to ask, ‘OK, what else is in this
bucket?’” he says.

A  growing  support  system 

At  the  same  time,  analysts  stress  that  users  have  to 
keep  their  eyes  open,  making  sure  support  is  avail¬ 
able,  the  software  has  been  tested  and  certified  and 
the  long-term  plans  of  the  project  are  sound. 

In  addition,  while  the  software  is  inexpensive,  you 
have  to  assess  costs  associated  with  service  and  sup¬ 
port,  training  and  overcoming  hurdles  in  integrating 
the  tools  with  legacy  infrastructure. 

“There’s  still  this  mentality  where  people  think 
open  source  equals  free,” says  Robert  Kunz,  president 
and  CEO  of  Knowledge  Blue,  which  sells  implemen¬ 
tation  and  support  services  for  Compiere’s  open 
source  ERP  applications  and  also  uses  the  software 
in-house.  “It’s  far  from  that.  You’re  going  to  want  to 
make  enhancements,  you’re  going  to  need  support.” 

Similar  issues  dogged  Linux  early  on.  But  it  has 
matured  into  a  mainstream  operating  system  with 


support from all major systems vendors and an expanding
independent software vendor community.

The  same  thing  is  happening  as  open  source 
moves up the stack. A number of vendors are emerging
to provide the kind of support system that enterprise
users demand. HP, for example, earlier this year
expanded  its  relationship  with  JBoss  to  provide 
Level  1  and  Level  2  support  for  the  open  source 
application  server. 

It’s  one  thing  to  pull  some  open  source  tools  off  the 
Internet  to  save  from  having  to  develop  code  for  a 
small internal project, says Bob Igou, a principal analyst
at Gartner. “But as more and more open source
goes  into  mission-critical  parts  of  the  infrastructure, 
the  IT  organization  has  to  worry  about  the  same 
things  they  worry  about  for  all  of  their  software  — 
support, certification, interoperability.”

In  a  report  issued  in  April,  Gartner  noted  that  while 
just  17%  of  users  it  surveyed  were  using  open  source 
software,  half  of  those  deployments  were  considered 
mission  critical. 


Analysts  and  users  alike  recommend  that  organi¬ 
zations  create  an  internal  open  source  advisory 
group  before  jumping  into  mission-critical  open 
source  projects. 

“The  purpose  of  our  open  source  support  center 
was  basically  to  make  open  source  safe  and  effective 
to use inside the corporate environment,” Fidelity’s
Brenner says. “We provide the kind of envelope of
security and support they were accustomed to getting
from their commercial vendor.”

With  start-ups  such  as  SpikeSource  emerging  — 
which  certifies  and  supports  integrated  open  source 
packages  —  there  is  an  opportunity  to  offload  the 
more  mundane  functions,  he  says. 

“There  is  absolutely  no  point  in  my  having  a  dedi¬ 
cated  team  validating  a  LAMP  [Linux,  Apache, 
MySQL,  Perl/PHP]  stack,  when  somebody  else  is  out 
there doing it,” Brenner says. “That way, I’m free to
have  our  own  staff  provide  support  on  things  that  are 
naturally  proprietary  to  us.” 

Although questions about intellectual property
rights  remain  —  highlighted  by  The  SCO  Group’s 
claims  that  IBM  illegally  contributed  its  proprietary 
Unix  code  into  Linux  —  the  lawsuits  don’t  seem  to 
be  holding  up  the  adoption  of  Linux  associated  or 
other  open  source  software. 

“The  reality  is  [open  source  licenses]  almost  invari¬ 
ably  say  if  you’re  an  end  user  you  can  do  whatever 


you  want  with  this  stuff,” says  Bob  Gett,  president  and 
CEO  of  Optaros,  a  consulting  and  systems  integra¬ 
tion  company.  “It’s  only  if  you’re  a  vendor  that  it 
becomes  an  issue.” 

Nevertheless,  companies  such  as  Black  Duck  and 
Palamida  have  been  founded  to  provide  end  users 
with  tools  to  keep  track  of  open  source  software 
licenses.  At  the  same  time,  a  move  is  afoot  to  reduce 
the  number  of  licenses  users  have  to  deal  with. 

Looking  for  flexibility 

Aviva  Canada,  an  insurance  firm  in  Toronto,  made 
its  first  foray  into  open  source  three  years  ago  when 
it  began  deploying  Linux.  It  now  has  more  than  50 
servers  running  Red  Hat  and  began  moving  up  the 
stack  about  two  years  ago,  deploying  the  JBoss  appli¬ 
cation  server  in  test  environments. 

JBoss moved into production after executives analyzed
costs. “When we realized how much the commercial
vendor was going to cost and that it was
going  to  put  us  way  over  budget,  it  provided  the 
impetus  to  say  ‘Yeah,  let’s  try  this  JBoss  thing,’”  says 
enterprise  application  architect  Daniel  Brum. 

Aviva  Canada  uses  JBoss  to  stitch  its  PostgreSQL 
database  to  its  consumer-facing  portal, enabling  cus¬ 
tomers  to  search  for  insurance  quotes  online.  By 
using  the  open  source  tools  the  company  has  avoid¬ 
ed  some  $300,000  in  upfront  costs  and  around 
$100,000  in  annual  maintenance  fees  compared  to 
comparable  commercial  offerings,  Brum  says.  The 
company  now  has  three  portals  running  on  JBoss 
and  PostgreSQL,  as  well  as  a  Project  Rosetta  middle¬ 
ware  application  that  is  used  to  broker  interactions 
and  move  data  among  systems.  Cost  savings  might 
have  been  the  initial  driver,  but  the  benefits  go  way 
beyond  that,  Brum  says. 

“By  sticking  with  open  source  it’s  given  us  flexibility 
and  the  ability  to  follow  an  open  model,”  he  says. 
“We’re  not  locked  in  to  any  vendor.  We  didn’t  want 
our  hands  tied,  to  always  have  to  follow  the  game 
rules  of  any  one  vendor.  We  wanted  flexibility  and 
open  source  gave  us  that.” 

Noel  Proffitt,  senior  IS  analyst  at  the  city  of  Garden 
Grove,  Calif.,  agrees  that  flexibility  is  a  key  perk. 

“One  of  the  big  advantages  is  we  don’t  have  to  bud¬ 
get  or  plan  for  using  a  lot  of  open  source  software, 
we  can  just  start  deploying  it, so  there  is  a  whole  level 
of  authorization  that  doesn’t  need  to  take  place,” 
Proffitt says. “And, of course, the liberal licensing
[lets  us  avoid]  another  level  of  administration  if  we 
want  to  expand  our  environment.” 

Garden  Grove  was  on  the  bleeding  edge  of  open 
source  adoption  when  it  deployed  Linux  in  1995. 
Since  then,  it  has  brought  in  myriad  open  source 
projects,  including  Linux-based  routers  and  firewalls, 
network  monitoring,  an  application  and  content 
management  system  called  Zope  and  the 
PostgreSQL  database. 

By  using  open  source  rather  than  proprietary  prod¬ 
ucts,  the  city  estimates  it  has  avoided  about  $400,000 
in  initial  costs  and  is  saving  taxpayers  some  $75,000 
annually  in  licensing  and  maintenance  fees. 

Taking  control 

Cost  savings  are  important,  but  the  fact  that  the 
open source projects are peer reviewed and examined
by a community of open source experts makes
the  software  more  reliable  and  responsive  to  user 
demands,  Proffitt  says. 

“The  products  tend  to  be  longer  lived  and  more 
flexible”  than  proprietary  software,  he  says.  “We’re 
able  to  bend  them  in  a  lot  more  ways  than  we  could 
with  proprietary  systems.  And  if  there’s  a  problem 
that’s  irritating  enough,  we  can  get  into  the  code  and 
fix  it  ourselves.” 

Mark  Greene,  senior  manager  for  software  devel¬ 
opment  at  Tekelec,  a  maker  of  signaling  and  switch¬ 
ing  gear  for  the  telecom  industry,  agrees.  The 
Calabasas, Calif., company uses Emic Networks’ high
availability  clustering  software  to  keep  its  MySQL 
database  up  and  running  and  is  looking  to  bring  in 
open  source  in  other  areas. 

“It’s  the  ability  to  control  your  source  code,” 
Greene says. “We have commitments as to how fast
we  must  respond  to  issues  in  the  field.  Just  the  over¬ 
head  of  getting  a  big  vendor  to  respond  to  you, and 
then  getting  a  fix  and  getting  it  through  your  imple¬ 
mentation  cycle  and  tested  and  out  to  the  field  — 
there  are  limits  to  how  fast  you  can  do  that.  Here  we 


have  total  access  to  the  software,  we  become  the 
owners  of  that.” 

Support  from  the  open  source  community  helps. 

“They’re  very  friendly  and  eager,”  says  Aviva 
Canada’s  Brum.  “You  can  find  them  quite  easily, 
whereas  a  lot  of  times  with  commercial  software  you 
have  to  escalate  through  different  levels  until  you 
finally  find  someone  who  knows  what’s  going  on.” 

Community-driven  change 

It’s  that  community-driven  support  and  innova¬ 
tion  that  will  make  the  open  source  movement  an 
industry-changing  force  in  the  years  ahead,  ana¬ 
lysts  say. 

While  Gartner  predicts  open  source  will  account 
for  no  more  than  10%  of  all  software  deployments 
in  Global  2000  companies  through  2010,  it  says  95% 
of  those  companies  will  have  “formal  open  source 
acquisition  and  management  strategies”  in  place 
by  2008. 

“We’ve  only  just  begun  to  scratch  the  surface  of 
what  community  development  can  bring  to  the 
table,”  says  Michael  Goulde,  a  senior  analyst  at 
Forrester. 


In  turn,  commercial  vendors  will  be  pressured  to 
rise  to  higher  standards  and  play  by  new  rules. 

“It  has  given  us  big  leverage  with  vendors  be¬ 
cause  they  know  we  have  the  capability  not  to  use 
their products,” Brum says. “When someone like IBM
finds  out  you’re  looking  at  open  source  they  often 
will  drop  their  prices.” 

That’s  not  to  say  there  won’t  be  a  place  for  both 
open  source  and  proprietary  software  in  enterprise 
portfolios.  In  a  February  report  titled  “Open  Source 
Solutions Will Restructure the Software Industry,”
Gartner’s  Driver  stresses  that  the  open  source 
movement  won’t  destroy  industry  giants  such  as 
IBM  and  Microsoft. 

“It  will  place  increased  pressure  on  traditional  ven¬ 
dors  to  more-aggressively  innovate,  improve  quality 
and  drive  higher  value  in  their  own  products  as  they 
endeavor  to  counter  this  growing  competitive 
threat,”  he  writes. 

All  of  which  is  good  news  for  end  users. 

“There  are  a  lot  of  market  forces  that  are  on  the 
side of open source,” Garden Grove’s Proffitt says. “It’s
kind of a natural evolution of software, that a number
of underlying components will be commoditized.”


Open season

Companies' open source alternatives are growing, as more vendors tack on
support and maintenance services to make open source infrastructure
software and business applications more palatable. Here are some options:

Product                              Vendor                            URL

Application servers
Apache Geronimo                      Apache Software Foundation        http://geronimo.apache.org/index.html
JBoss Application Server             JBoss                             www.jboss.org/products/jbossas
Jonas                                ObjectWeb                         http://jonas.objectweb.org
Resin                                Caucho Technology                 www.caucho.com

Databases
Apache Derby                         Apache Software Foundation        http://incubator.apache.org/derby
Ingres                               Computer Associates               http://opensource.ca.com/projects/ingres
MySQL                                MySQL AB                          www.mysql.com

Network and systems management software
Groundwork Monitor                   Groundwork Open Source Solutions  www.itgroundwork.com/products
Hyperic HQ                           Hyperic                           www.hyperic.net/products/index.html
MRTG (Multi Router Traffic Grapher)  MRTG                              http://mrtg.hdl.com/mrtg.html

Portals
EXo platform                         EXo platform SARL                 www.exoplatform.com/portal/faces/public/exo
GridSphere                           GridSphere                        www.gridsphere.org/gridsphere/gridsphere
JBoss Portal                         JBoss                             www.jboss.org/products/jbossportal

CRM
CentraView                           CentraView                        www.centraview.com/index.php?option=com_content&task=view&id=1&Itemid=3
Compiere                             Compiere                          www.compiere.org/product/index.html
Hipergate                            Hipergate                         www.hipergate.org

Content management
Apache Lenya                         Apache Software Foundation        http://lenya.apache.org
Bricolage                            Bricolage Development Team        www.bricolage.cc
InfoGlue                             InfoGlue Community                www.infoglue.org/infoglueDeliverLive/ViewPage.action?repositoryName=www.infoglue.org
Mambo                                Miro International                www.mamboserver.com

Identity management
Jsai                                 Ipov                              http://oss.ipov.org/jsai
Kasai                                Manentia Software                 www.manentiasoftware.com/kasai/goToHome.action
Red Hat Directory Server             Red Hat                           www.redhat.com/software/rha/directory
Shibboleth                           Internet2/MACE                    shibboleth.internet2.edu/about-shibboleth.html

Find more open source products online at www.networkworld.com, DocFinder: 7830

BRANCHING OUT:

Comfortable with Linux, organizations
look for new open source tools


Lori  Key,  an  analyst  for  Johnston  County  in 
North  Carolina,  made  the  move  to  open 
source  map-serving  software  to  get  “more 
control  over  our  own  application." 


Companies aren't
toying  with  open 
source  tools,  they're 
deploying  them  to 
support  business 
critical  functions. 
Here's  a  look  at  how 
some  organizations 
are  exploiting  the 
technology. 


SCOTT  OINGMAN 


BY  CARA  GARRETSON  AND  JOHN  FONTANA 

LORI  KEY  WAS  CONCERNED  ABOUT  HER  SOFTWARE  VENDOR. 
The company, which she declines to name, provided North Carolina’s
Johnston County with map-serving software to power an application
that gives its 145,000 citizens crucial information about every parcel
of land in the area. But the vendor was having financial trouble and
because the county rented the software, Key knew she would be left
with nothing should the developer declare bankruptcy.


The fear of having nothing to show for years of paying
software fees played a strong role in the county’s
decision to switch to an open source mapserving
product called MapServer, developed at the University
of Minnesota, says Key, an analyst with Johnston
County’s technology services department. MapServer,
along with other open source components
including the PostgreSQL database and Refractions
Research’s PostGIS for working with geographical
objects, allowed the county to sever its dependency
on commercial software for its geographic information
system application.

“It  all  comes  down  to  control;  we  wanted  more 
control over our own application,” Key says. “We had
been  hearing  about  the  benefits  of  open  source,  and 
we  thought, ‘All  the  money  we  spent  for  support  and 


to  upgrade  software  with  vendors  can  now  be  spent 
on new functionality and improving the application,’”
she remembers.

Many  organizations  are  finding  the  move  not  just 
to  open  source  operating  systems  but  critical  appli¬ 
cations  to  be  a  worthwhile  one,  though  it’s  still  far 
from a mainstream decision. Within the next three to
five  years,  Forrester  Research  Senior  Analyst  Michael 
Goulde  expects  more  companies  to  bet  on  open 
source  applications  not  only  for  the  cost  savings,  but 
also  to  cut  down  on  headaches  that  proprietary  soft¬ 
ware  causes. 

“One  of  the  realms  you  always  get  into  with  busi¬ 
ness  applications  is  they  never  quite  do  the  job  the 
way  you  want  it  done.  With  proprietary  software  you 
always have to chase down the vendor to get customization,”
Goulde says. “One real attraction of open
source  business  applications  is  conceivably  any¬ 
body  can  do  the  customization  and  support  it.” 


Ready  for  primetime 

Some  companies  are  ready  to  jump  into  open 
source  applications  now.  “There  has  been  a  lot  of 
legitimate  concern  in  recent  years  that  open  source 
was  not  commercial  grade,  and  it  wasn’t,”  says  David 
Whiles,  director  of  IS  at  Midland  Memorial  Hospital 
in Texas. “But I believe its time has come.”

Midland Memorial is marking a first in the private
healthcare sector with its recent decision to roll out
an open source application that will provide the
hospital and clinics with an integrated Electronic
Medical Record, including Computerized Physician
Order Entry, Bar Code Medication Administration and
Picture Archiving and Communication. While one draw
may be the price they paid for the application — nothing —
the best part is that the OpenVista application from
Medsphere is the result of years of engineering, Whiles
says. The application is based on the open source Vista
Electronic Health Record applications created and
battle-tested by the Department of Veterans Affairs.

“This  is  20  years  in  development,  very  functionally 
rich and it is available through the Freedom of Information
Act. It is public domain, anyone can download
it,” Whiles says. Medsphere is providing the consulting
support, including installing and configuring
the  system,  training  staff  and  supplying  ongoing 
maintenance. 

“Our  ultimate  goal  is  to  have  a  full  open  source 
stack  with  Red  Hat  for  the  operating  system,  MUMPS 
[a  development  language]  and  then  the  business 
software,”  says  Whiles,  who  is  five  months  into  a  roll¬ 
out  that  should  be  completed  by  year-end. 

What  drove  Whiles  to  make  such  a  calculated 
move  at  his  370-bed  county  hospital?  “Sticker  shock,” 
he says. “To do what we wanted to do was out of our
reach economically.” Eventually the hospital spent
$7.1  million  as  opposed  to  the  more  than  $18  million 
it  was  facing  in  the  commercial  software  world. 

While the advantages of open source applications
are many, potential converts should beware of leaving
behind commercial products for purely political
reasons. “I’m just looking for the best tools for the
job,” says Ed Bailey, director of IT at the University of
Florida’s Department of Materials Science and Engineering
in Gainesville. Upon his arrival at this position
three years ago, Bailey started moving as many
computers as possible to Linux. “I need products I
can rely on, and I just can’t do that with Windows,”
he says. “Some people here are real fanatics, everything
has to be open source. I’m just trying to be
pragmatic and meet our needs.”

The  department  has  migrated  all  of  its  servers  to 
Linux  save  one,  a  Windows  Terminal  server  that 


Bailey  says  does  a  great  job. 

Of course, being the one responsible for bringing
open source into an organization can be an uncomfortable
position. For Steve Adams, a technical architect
with the Oregon Department of Transportation
(ODOT), the biggest challenge he’s faced in adopting
open source is the skeptics he encounters.
“Open  source  is  not  the  known,  comfortable  plat¬ 
form.  People  have  a  misconception,  a  misunder¬ 
standing  of  what  the  open  source  community 
means,  especially  in  terms  of  support,”  he  says. 

Adams  since  2002  has  embraced  open  source  to 
handle  many  application  and  computing  needs 
using  the  five  Linux  servers  he  maintains  that  run 
inside  a  virtual  machine  on  the  organization’s  main¬ 
frame.  His  most  important  application  might  be  a 
piece  of  homegrown  middle¬ 
ware  called  FXE2  developed 
with  open  source  tools  to  tie 
together  a  legacy  CICS  main¬ 
frame  drivers’  license  applica¬ 
tion  and  the  Windows  PC  that 
acts  as  the  point-of-sale  front 
end  at  the  Department  of 
Motor  Vehicles  offices. 

It  was  a  group  of  midlevel 
managers  who  had  the  fore¬ 
sight  to  explore  open  source 
in  the  face  of  dwindling  state 
budgets  that  spurred  ODOT  to 
make  the  move.  That  foresight 
helped  when  the  predecessor 
to  FXE2  needed  to  be  replaced.  Adams  estimates 
ODOT  saved  upwards  of  $120,000  by  moving  the 
application  to  open  source  and  Linux  on  the  main¬ 
frame,  instead  of  to  a  Windows-based  Intel  architec¬ 
ture.  He  says  that  success  is  helping  change  manage¬ 
ment’s  perception  of  open  source  and  has  attracted 
attention  from  other  agencies  in  Oregon. 

Pick  and  choose 

Among  the  organizations  that  have  successfully 
adopted  open  source  for  critical  applications,  com¬ 
ing  up  with  some  sort  of  policy  for  when  to  go  open 
source  has  helped. 

Open source makes sense “in cases where [the
application] is really core to the business, where we
want to have total control over everything from top
to bottom,” explains Bob Gatewood, CTO of Athenahealth,
developer of physicians’ front-office software
that is based on open source. The company recently
adopted an open source CRM tool by SugarCRM to
replace Salesforce.com’s suite, which the company
had just grown out of. “Our business had grown and
matured and we needed to integrate the business
system operations. We had to twist ourselves into a
pretzel in order to make some of the processes
work,” Gatewood says of Salesforce.com. “We would
have had to build [a CRM system] ourselves if Sugar
hadn’t come along.”

■ Companies increasingly are adopting open
source applications, citing their flexibility,
cost savings and the ability to have more
control over the software. One warning: Be
prepared to give some software back to the
open source community.

Another  way  Athenahealth  uses  open  source  is  in 
the  early  stages  of  a  project  when  the  organization  is 
not  quite  sure  what  the  requirements  are  or  whether 
it really wants to commit to a certain product, Gatewood
says.

When  first  implementing  open  source,  experi¬ 
enced  users  say  it’s  best  to  find  success  with  a  small 
project  first  before  attempting  an  organization-wide 
rollout.  “Start  small  and  build  your  own  confidence 
in  the  open  source  world.  Once  you  see  how  stable 
the  products  are  you  will  feel  more  comfortable  to 
move,” says Ruth Schall, director of MIS for the city of
Kenosha, Wis. 

Not that she’s exactly taken her own advice. The city
has  migrated  its  homegrown  legacy  applications  for 
taxes,  billing  and  payroll  to  Linux  and  open  source, 
and  has  added  Neoware  Linux-based  thin  clients  on 
the  desktop  with  applications  for  spreadsheets  and 
word  processing.  “We  took  a  chance  on  this;  we  had 
our  backs  against  the  wall.  But  we  proved  we  could 
run  on  open  source.  People  no  longer  think  it  is 
strange  what  we  are  doing,”  Schall  says. 

Many  open  source  converts  say  the  common  con¬ 
ception  that  it’s  difficult  to  find  good,  fair-priced  sup¬ 
port  for  applications  is  largely  false. 

“One  of  the  things  I  hear  a  lot  of  is  people  are  con¬ 
cerned  about  support  costs,  ‘Where  do  you  go  for 
tech support, where do you go for help?’” Schall
says.  But  she  says  support  compared  with  her  15 
years  in  a  mainframe  environment  has  gotten  better 
with the move to open source. “We have been able
to  rely  on  the  [open  source]  community  when  we 
have  had  issues.” 

However,  Johnston  County’s  Key  adds  that  it’s  also 
important  to  pick  open  source  applications  that  are 
proven  and  well  documented.  “Make  sure  you  go 
with  a  mature  open  source  product,  there  are  a  lot  of 
products  out  there  with  not  a  lot  of  support  yet,”  she 
says. “You need really good documents and FAQs.”

Many  proponents  say  the  challenges  they’ve  faced 
implementing  open  source  applications  are  quite 
similar  to  those  encountered  when  moving  to  any 
new product: bugs in the code, end-user learning
curves,  working  the  kinks  out  of  support. 

But  using  open  source  products  does  come  with 
one  unique  issue:  the  concept  of  giving  back  to  the 
open source community.

“I  haven’t  yet  figured  out  how  to  contribute  back 
to the community,” Gatewood says. “We use open
source  so  much,  but  I  haven’t  found  a  good  project 
to  give  back  yet.”  But  there’s  a  project  in  the  works  at 
Athenahealth  that  may  be  the  perfect  candidate; 
Gatewood  says  his  staff  plans  to  integrate  SugarCRM 
with  Microsoft  Great  Plains  financial  system. 

“I would encourage CIOs, if you’re going to start
using  open  source  you  should  start  thinking  early 
what  you’re  going  to  give  back,”  Gatewood  advises. 
“It stops working if you don’t give back.”


II I  need  products 
I  can  rely  on,  and 
I  just  can’t  do  that 
with  Windows,  f  f 

Ed  Bailey 

Director  of  IT  at  the  University  of  Florida’s 
Department  of  Materials  Science  and 
Engineering,  Gainesville 


Comfortable with Linux, organizations look for new open source tools

Getting there

Migrating to open source


BY  DENISE  DUBIE 

Despite  the  enthusiasm  of  many  open  source 
backers,  successful  rollouts  of  the  technology  aren’t 
automatic. 

While a recent Forrester Research report found that
roughly 40% of the 100 U.S. companies surveyed had
no disappointments, that still leaves six out of 10
perhaps wishing they had done things differently.

How can you better your chances of success?
Read on to learn what open source users and industry
watchers advise.


1.  Getting  started. 


While open source software can be quickly downloaded
and put to use, industry watchers say rollouts
should be approached in much the same way as they
would with commercial applications. That means
assembling a proof-of-concept plan and determining
long-term integration, support and labor costs.

“It’s a cultural difference. IT people wanting to
bring open source in-house don’t always approach it
as they would other technologies,” says Mark
Douglas, vice president of engineering and operations
at online dating company eHarmony in
Pasadena, Calif. “They need to put together a pilot
and show the reasons why open source is better
than commercial products.”

Linux and Apache might have flourished in one-off
rollouts, but users say a full-blown migration to open
source needs to be driven by more than experimental
curiosity.

“Teams will know they are ready when commercial
software just never meets all of their needs.
Those gaps end up being a critical factor in the decision
to go open source,” says Andres Andreu, technical
director of Web engineering and applications for
advertising giant Ogilvy & Mather in New York.


2.  Support  scheme. 


One  Catch-22  with  open  source  centers  around 
support.  Sure,  there  are  numerous  sources  for  help 
with  many  of  the  70,000  open  source  components 
available  for  download  on  the  Internet,  but  how 
good  are  they? 

“There may appear to be support, but it really
needs to be investigated beyond surface appearances,”
says Michael Goulde, a senior analyst at
Forrester. “You have to determine if you are choosing
a viable product with long-term development plans
and identify the development community upfront.”

EHarmony’s Douglas says with every type of open
source software, there is most likely a vendor committed
to providing support. IT managers can contact
vendors such as Red Hat and Covalent, for example,
to get support contracts that rival those for
commercial software.

Those who have made the move share advice on
how to prepare and what traps to avoid.

“It hasn’t been any different than when I wanted to
get [BEA] WebLogic support; I contact the salespeople
and they get me support,” Douglas says.

3.  Learn  the  licensing. 

Open  source  doesn’t  always  mean  free. 

“Deciphering the different license models for open
source, and even commercial, software can become
a bit of a train wreck,” says Sam Lamonica, IT director
at general contracting and engineering company
Rudolph & Sletten in Foster City, Calif. “You have to
figure out which licensing scheme is going to work
for your company and how you are using the open
source code.”

The Open Source Initiative lists dozens of license
models it has certified on its Web site (www.opensource.org),
including the General Public License
(GPL) and Mozilla Public License (MPL).

For example, GPL permits unlimited free use, modification
and redistribution of source code without
also sharing the source code and explicitly publishing
the copyright and warranty notice.

4.  Go  to  the  source. 

One  of  the  biggest  perceived  benefits  of  open 
source  is  the  flexibility  of  having  access  to  the 
source  code. 

But there are two caveats: One, IT staff needs to
have the skills to write scripts and make the software
work for them; and two, IT managers will have
to take full responsibility when the manipulated
code doesn’t live up to original expectations.

■ By 2010, IT organizations in Global 2000
companies will consider open-source products
in 80% of their infrastructure-focused software
investments and 25% of their business
software investments.

SOURCE: GARTNER, JUNE 2005

“You may not get all of the commercial refinements
you are used to, so you really have to understand
software, data and architectures,” Ogilvy &
Mather’s Andreu says. “You will cut the umbilical
cord of vendor accountability in this realm.”

5.  Tying  it  all  together. 

The differences in open source code from developer
to developer can make it difficult for a company
to quickly adopt and integrate a complete
open source stack.

One route is to follow the LAMP model, an integrated
stack that includes Linux, Apache, MySQL and
programming languages Perl, PHP or Python. Start-ups
such as OpenLogic, Optaros and SpikeSource
say they will do the integration work for IT managers
and provide services or stacks of software that fit the
LAMP model.

“Open source can become a real time sink if you
are working to tie multiple pieces together,” says Rick
Beebe, manager of system and network engineering
for ITS-Med at the Yale University School of Medicine
in New Haven, Conn. “Many open source projects are
built on other open source projects and the hidden
costs with open source is directly related to the time
it takes to work out the integration.”

6.  Security  concerns. 

Open source advocates contend that the technology
is more secure than commercial offerings, but
open source software has susceptibilities of its own.

According to analyst Laura Koetzle, open source
developers are not as motivated by customer satisfaction
numbers or the potential of hackers as commercial
vendors to participate in vendor-sec mailing
lists to report bugs and holes in the software. “Open
source maintainers will vary widely in the speed and
quality of their responses to security vulnerabilities,”
she writes in a Forrester report.

Koetzle says open source software passes the
“good-enough security tests” that most commercial
products do, but she adds that you can take extra
measures to ensure the security of open source software
on your network.

To start, standardize on one distribution of source
code. Software release management processes
also should be applied. And you should consider
using tools such as GNU privacy guard, a free replacement
to the data encryption program PGP
(Pretty Good Privacy). ■




Dear  open  source  community, 

We end users are happy with the way the open source movement
is progressing. With Linux now a stable operating system
worthy of mainstream deployments, we’ve begun looking up the
stack to see where else open source can fit in our data centers.

The variety of open source offerings — from application
servers and databases to security and content management —
illustrates the community’s commitment to meet business needs.
We’re ready to take the next step. But, first, there are a few things
we’d like to see from you, the open source community, before
free software takes on a higher profile in big IT departments:

• More enterprise-class support: Open source projects
might have been launched because of a desire to move away
from proprietary vendors, but corporate users still want the kind
of support those types of vendors provide. We think companies
such as JBoss and Red Hat, which provide professional service
and support for open source code, have the right approach. “In
terms of what the open source community has to do to get to
the next level, it’s what [JBoss calls] the professional open
source model,” says Daniel Brum, enterprise application architect
at insurance firm Aviva Canada in Toronto. “Your tools and
APIs are all open source, but at the same time you provide a
corporate backing so we as end users get that comfort level
that comes with 24/7 support and the knowledge that all the
proper testing is going into these things and that the developers
are actually paid to work on the tools.”

• Better documentation: It’s true that third-party support
options are growing, but we need to know that documentation is
available as a frontline resource. It should be of high quality and
easy to find. “We see some leading open source tools such as
MySQL, PHP and Apache provide good documentation,” says
Ulrich Seif, CIO at National Semiconductor in Santa Clara. “This
needs to be more widespread across all tools and utilities.”

• A sense of stability: We understand that creativity and freedom
of expression are key drivers in open source software, but as
IT managers responsible for running mission-critical data centers
we want to know that today’s hot project won’t be thrown by the
wayside tomorrow. “Programmers are creative people. Like artists
who finish a painting, when we’re done with a program and put it
in production, we look for something else to do,” says Joe Poole,
technical director at Boscov’s department stores in Reading, Pa.
“I’m a little concerned that the maintainers of the open source
products could lose interest and go on to something else. If the
product is abandoned, who will make sure that some other group
will take it over?” Poole suggests that the Open Source
Development Lab or some other organization should monitor
projects, “just to make sure that open source maintains stability.”

• Access to more platforms: As one IT architect at a large
media company, who asked not to be named, put it: It’s time for
the open source community “to lose religion.” We want to deploy
open source software because it makes good business sense, not
because it makes a political statement. “I don’t want to buy
software from a company who builds or supports software
just because they hate Microsoft,” he says. “And, frankly, we’d like
to see more open source products for Windows that are more
than just the Linux version recompiled, but truly Windows-centric
open source tools.” One of the difficulties of bringing in
open source is to integrate it with existing environments, so
enabling open source tools to run on legacy platforms would be
a definite plus. “Losing the religion and building true, robust integration
with Windows and existing environments is what will get
open source into the data center,” the IT architect says.

• A commitment to stay open: As open source becomes
more widely deployed, there might be the temptation to close
some things off. We believe the community must work hard to
keep free code standardized so that corporate users can balance
application development with their existing infrastructures.
“We need to see more focus on adopting open standards with
respect to file formats and protocols to drive up adoption. ...
Open compilers, file formats, transport protocols, [operating systems],
applications — the whole deal,” Seif says. “The open
source community must keep pursuing a commitment to open
standards and create winning products like Apache that ensure
open standards are not made proprietary.”

• Focus on the end user. Don’t forget who we are and what
we need. “When I’ve gone to meetings of open source developers
and potential end customers, one of the things that struck
me was that many of the open source developers are far more
interested in talking with each other and working with each
other than they are in dealing with actual potential customers,”
says Charlie Brenner, senior vice president of the Fidelity Center
for Applied Technology, a unit of Fidelity Investments in Boston.
“There is a lingering feeling in parts of the community that commercialization
isn’t necessarily a good thing.”

Two industry insiders debate the pros and cons of BSD vs. GPL.

FACE-OFF

Is BSD a better open source
licensing model than the GPL?

Yes 


Mark  Brewer 

Covalent  Technologies 

As  open  source  licensing  models,  both  the  Berkeley  Software  Distribution 
license  and  the  General  Public  License  have  advantages  and  disadvantages. 
But  in  the  end,  the  BSD  offers  more  benefits  to  enterprise  customers. 

The  GPL  was  created  by  developers,  for  developers,  to  grow  the  open 
source code base and ensure that it remains open source. The license works
nicely for software companies that want to reduce software development
costs without having to give up control of intellectual property.

This statement might seem contradictory, but if you really think about it, it is
true. There are a number of software vendors licensing their technology
under the GPL and thereby benefiting from the GPL’s reciprocity provision. To
make certain that source code is available to anyone, this provision dictates
that changes to the code must be given back to the community. Therefore, a
software company choosing to adopt the GPL benefits from all changes and
enhancements made to its code, regardless of who authored them. This can
make the GPL too risky for enterprise customers.

Furthermore,  software  containing  embedded  GPL-based  code  must  be 
licensed  under  the  GPL.  Often  referred  to  as  the  “viral”  nature  of  the  GPL,  this 
makes  the  license  a  poor  choice  for  most  applications  and  impossible  for  an 
independent  software  vendor  to  license  product  under  a  proprietary  license 
or  even  another  open  source  license. 

Developers who want their code to be freely available and comply with the
tenets of Free Open Source also created the BSD license. However, in contrast
to the GPL, the BSD’s goal is to pass on control to those who adopt it, thus
making the terms of the BSD license more pragmatic, generous, flexible and
an overall better choice for today’s enterprise customers. Corporate IT developers
can download and modify open source code under the BSD license
without having to contribute back enhancements that might be of unique
competitive advantage. A developer or corporation also can offer an application
created from the open source software to their partners
and customers, then license that product under terms
best suited to meet their business requirements.

The generous terms of the BSD license have allowed open
source communities to flourish under BSD-based projects,
often more so than those licensed under the more restrictive
GPL.


Brewer is CEO of Covalent Technologies. He can be reached
at mbrewer@covalent.com.


No

Matt Asay

Novell

No one open source license is ideal in every circumstance. Different
licenses serve different ends. Berkeley Software Distribution-style licenses
have been used to govern the development of exceptional open source projects
such as Apache. Clearly BSD has its strengths.

However,  all  things  being  equal,  I  prefer  the  General  Public  License  (GPL). 
The  GPL  is  one  of  the  most  exciting,  innovative  capitalist  tools  ever  created. 
The  GPL  breaks  down  walls  between  vendors  and  customers  while  enabling 
strong competitive differentiation. Unlike the BSD, which strikes me as serving
an ever-narrowing slice of the development community that shares code simply
for the sake of sharing, the GPL takes a hardheaded look at software development
(and human nature) and works to maximize choice, control and a
free  market. 

From its inception, the IT business has depended on intellectual property.
This dependence is enshrined in the U.S. Constitution, Section I, Article 8,
which establishes copyright/patent to “secur[e] for limited Times to Authors
and Inventors the exclusive Right to their respective Writings and Discoveries.”
This limited monopoly grant has enabled software companies to
create  exceptional,  customer-focused  products  without  inordinate  fear  that 
competitors  will  freely  clone  their  innovations  for  sale  as  their  own. 

In the open source world, copyright continues to play a role, but it’s a different
kind of copyright. Dubbed “copyleft,” it means I freely share the source
code  to  my  software,  with  the  requirement  that  those  who  benefit  from  my 
software  by  modifying  and  distributing  it  also  must  share  their  modifications. 

This benefits end users who gain access to source code, giving them visibility
into their vendors’ products and allowing them to customize these products
to meet specific requirements. As long as end users do not distribute
the modified code, they can keep their modifications private. The GPL makes
co-creators of vendors and buyers, lessening the sometimes-adversarial relationship
between the two.

No  other  open  source  license  has  done  more  than  the  GPL 
to  make  open  source  commercially  viable.  By  emulating  the 
traditional  copyright  format,  the  GPL  facilitates  commercial 
involvement in open source communities, which is important
for expediting the spread and depth of open source software.
Free market open source, thanks to the GPL.


Asay is director of Novell’s Linux Business Office. He can be
reached at masay@novell.com.

Open source vs. Windows: Security debate rages

BY ELLEN MESSMER

IT’S A TOPIC OF FIERCE DEBATE AMONG HIGH-TECH COGNOSCENTI:
What’s more secure — “open source” code such as Linux and
Apache, or proprietary “closed source” operating systems and
applications, Microsoft’s in particular?


The  regularity  with  which  Microsoft  has  taken 
to  announcing  vulnerabilities  and  consequent 
software  fixes  has  left  few  cheering  about  its 
security.  In  contrast,  high  expectations  endure  for 
open  source,  with  proponents  arguing  that  it’s 
inherently  more  secure  because  a  much  larger 
set  of  developers  can  read  the  code,  vet  it  and 
correct  problems. 

“I’m  struggling  to  think  of  anyone  who  would 
argue the other way,” says Adam Jollans, chief Linux
technologist  at  IBM  Software  Group. 

“Discovery  is  different  in  the  open  source  and 
closed  source  approach,”  Jollans  says.  “Because 
source  code  is  visible  to  lots  of  people,  if  there  is  a 
security  issue,  it  tends  to  be  spotted  earlier.  The 
open  source  community  isn’t  shy  about  criticizing 
bad  code.”  He  added  that  a  version  of  Linux,  SuSE 
Enterprise  Server  9,  in  March  became  the  first  to 
earn  the  government-approved  International 
Common  Criteria  certification  for  security  level  4, 
comparable  to  what  Microsoft  achieved  with 
Windows  Server  2000  in  security  test  reviews 
three  years  ago. 

Tim  Clarke,  IT  director  at  Manifest,  a  maker  of 
electronic  voting  and  research  tools  for  investment 
firms  in  England,  feels  much  the  same  way  about 
open source security. He says open source developers
are “more agile and feel more exposed on a
personal  level  to  criticism  at  whatever  level  that 
might  be  aimed  at  their  products.” 

Buying  into  the  philosophy 

Thus,  open  source  developers  are  “more  able  to 
respond  quickly  and  to  use  new  and  more  secure 
techniques.  Because  they  perform  for  peers’ 
kudos,  this,  too,  behooves  them  to  perform  well,” 
Clarke  says. 

“Open  source  development  is  centered  around 
operating  systems  designed  many  years  ago  with 
security and Internet connectivity as a base requirement,”
he adds.

Open source is foremost an “ethos” that “is precisely
the best social environment for the best
development of anything,” Clarke maintains. “By
contrast, the principal culprit of poor security,
Microsoft, has several major issues with producing
secure code.”

“Microsoft  seems  lax  to  security  threats,”  says 
Robert  Swiercz,  managing  director  of  the  Portal  of 
Montreal,  the  city’s  Web  site.  “I  have  less  and  less 
ability  to  trust  them.”  He,  too,  expresses  confidence 
in  the  open  source  community,  saying,  “this  is 
where  the  solutions  are  coming  from.” 

However, some call these assumptions into question
and assert there’s a lack of accountability in
fixing open source. A number of research firms are
ready to puncture the belief that open source is by
its very nature superior.

Open source vs. Windows security

Research firm Security Innovation evaluated both and found:

Web server role: Windows 2003, IIS 6.0, SQL Server 2000, and ASP.NET:
Vulnerabilities needing patches, 2004: 52
Average “days of risk” before patch: 31.3

Web server role: Red Hat Linux 3.0, Apache Web server, MySQL and PHP:
Vulnerabilities needing patches, 2004: Minimally configured Linux, 132. Default configuration, 174.
Average “days of risk” before patch: 69.6. Default configuration, 71.4.

In its report, “Securing Open Source Infrastructure,”
Burton Group dispels any notion that open
source  software  is  inherently  more  secure  simply 
because  more  people  can  look  at  it. 

“Experience  shows  this  simply  isn’t  true,”  the 
research  firm  states,  calling  it  “the  myth  of  more 
eyes,”  citing  case  after  case  where  no  one  spotted 
critical  flaws  in  open  source  code. 

Burton Group also points out the potential for
developers placing back doors in open source
code, and that when it comes time for the open
source community to fix the inevitable vulnerabilities,
businesses using it might come to rely on the
“whim of individuals rather than organizations
they are more accustomed to dealing with,” Burton
Group notes. The firm adds that dealing with traditional
vendors isn’t necessarily any better.

When  it  comes  to  closed  source,  there’s  a  single 
point  of  contact  —  whether  it  be  Microsoft,  Oracle 
or  any  other  vendor  —  where  security  flaws  that 
come  to  light  get  addressed,  typically  by  issuing  a 
software  patch.  The  situation  in  the  open  source 
world  is  different,  IBM’s  Jollans  says. 

If  someone  identifies  a  security  vulnerability  in 
Linux,  IBM  —  as  well  as  other  Linux-supporting 
vendors  —  might  each  respond  with  their  own 
“emergency  patch,”  which  also  would  be  shared  as 
an  interim  fix  with  the  Linux  community. 

The  intention,  he  says,  is  to  have  a  permanent 
change  approved  by  the  inner  circle  of  Linux 
code-writers,  including  Andrew  Morton,  the  Linux 
kernel maintainer at the Open Source Development
Labs. If the code change to fix the security
flaw  is  significant,  it  might  also  require  the 
approval  of  the  ultimate  Linux  authority,  Linus 
Torvalds. 

IBM  is  going  to  rush  out  with  an  emergency  Linux 
fix,  if  needed,  regardless  of  what  the  Open  Source 
Development Labs does. “The prime consideration is
to  support  our  customers,”  Jollans  says. 

Starts  with  the  basics 

Stacey  Quandt,  analyst  at  research  firm  Robert 
Frances  Group,  argues  for  the  open  source  security 
advantage  in  a  report  she  wrote  last  March. 

According  to  Quandt,  Windows  “is  intentionally 
designed  to  support  application  functionality  in 
the operating system and deep application integration
in the Windows kernel.” This “tight integration”
in Windows, which is not the case with Linux,
“increases the number of security exposures.”

To  Quandt,  the  security  remediation  process  is 
wholly  different  in  the  two  camps. 

“The majority of reported flaws in Windows
come from security firms or from hackers, with exploits
often appearing first ‘in the wild’ and with
countermeasures starting with commercial antivirus
updates prior to an operating system patch,”
she states in her report. “For the open source operating
systems, security flaws are more frequently
reported by university researchers or developers
within the open source community, who often
provide the source to correct the underlying problem
with the report of the flaw (though most enterprise
users will apply those patches only when released by
their distribution vendors).”

The  number  of  vulnerabilities  in  open  source  vs.  closed 
source — and how fast they get fixed, respectively — stirs
up  debate  on  both  sides. 

Research  firm  Security  Innovation  caused  an  uproar 
when  it  asserted  in  a  study  —  paid  for  by  Microsoft  — 
that  a  Web  server  based  on  open  source  code  had  twice 
as  many  security  vulnerabilities  recorded  in  2004  as  a 
comparable  Microsoft-based  Web  server. 

The study pitting Red Hat Linux and open source applications
against Microsoft products asserted it took the
open source community twice as long to fix the vulnerabilities
discovered in 2004.

Red Hat didn’t challenge the number of reported vulnerabilities
but said it would define fewer of them as “critical”
as listed in the Security Innovation report. “Customers
are interested in how quickly we respond to the
issues  that  matter  most,”  said  Red  Hat  engineer  Mark  Cox 
in  a  statement. 

Herbert  Thompson,  director  of  research  and  training 
at  Security  Innovation,  says  the  study  will  withstand 
scrutiny. 

“When folks talk about Linux and Windows security, a
lot of religion gets involved. We wanted to take the religion
out of it,” he says.

However, critics contend that a direct comparison of
how Microsoft and the open source world go about discovering
and fixing software flaws is unfair.

“Look, if I divulge a vulnerability, I have to worry that
Microsoft will sue me,” says William Hurley, CEO at start-up
Symbiot, which makes a real-time visualization tool for
open source security tools, including Snort and Nmap.
“But hiding a vulnerability doesn’t take it out of the realm
of reality.”

Mistakes  are  made  in  both  open  source  and  in 
Microsoft  products,  Hurley  says,  and  it’s  better  for  the 
world  to  know  of  a  security  problem  so  there  can  be  a 
workaround  for  it  even  if  no  patch  is  available  for  a 
month. 

A  Microsoft  spokeswoman  says  the  company  does  not 
sue those who publicize a vulnerability but does encourage
responsible disclosure. Some IT managers say they
have  deep  reservations  about  open  source. 

“There’s  no  quality  control  on  some  of  it,”  says  Jim 
Cupps,  information  security  officer  in  the  North 
American division of SAPPI Fine Paper. He says he buys
proprietary  tools,  including  Core  Security’s  vulnerability- 
assessment  tool,  because  a  lot  of  the  open  source  tools 
don’t  seem  to  be  thoroughly  tested  or  kept  up  to  date 
when  new  exploits  come  out. 

Other  IT  managers  say  they  like  a  lot  of  open  source 
security  tools  and  applications  but  corporate  policies 
prevent  them  from  using  them. 

“We  don’t  do  open  source  because  my  lawyer  says 
there’s  no  one  to  sue,” says  Phil  Maier,vice  president  of  in¬ 
formation  security  at  Inovant,  Visa’s  technology  deploy¬ 
ment  division. “The  lawyers  had  the  final  saj/B 
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Open  source  visionary  Brian 
Behlendorf  talks  about  where 
the  movement  is  heading  in 
the  enterprise. 
BRIAN BEHLENDORF, 32, IS A LEADER OF THE OPEN SOURCE movement
and a high-tech Renaissance man. He was a key developer of
the Apache Web server and is now the CTO at CollabNet, which provides
hosted solutions for Web-based software development to Intel,
Sun, Motorola and others. He also is a lover of all-night raves, techno
music and art. He recently spoke with Network World Senior Editor
Carolyn Duffy Marsan. Here are excerpts from that conversation.


How  did  you  first  get  interested  in  the  open 
source  movement?  Was  there  an  “aha!” 
moment  for  you? 

It was long before the term “open source” came
to be. In high school, I used a piece of shareware
called Fractint. It was really intriguing. It came with
the full source code. The first screen was a scrolling
list of e-mail addresses of all the collaborators. If
you had a change to the software, you could send
it to this address, and it would be incorporated in
the next version. This was very different than any
software I had seen or run before.

When I went to [the University of California]
Berkeley, I saw how the Internet protocols were
being defined through the IETF. That clued me in
to the fact that innovation in software — and this
is probably true generally — doesn't happen by
one or two people but by a network of people
working together.


Give me an update on CollabNet. How successful
has the company been at making
inroads into the enterprise market?

Our basic premise is that the open source community
had come up with a really brilliant set of
tools, processes and a mind-set that supported
worldwide software development. We’ve tried to
pick the best of those tools and help corporations
build a software development process around
them. By plugging people and processes over the
Internet, we’ve created a Web-based environment
that’s basically a big repository. It pulls a company’s
engineers together.

We  have  teams  that  can  re-use  other  teams’  work 
because  with  our  environment  they  get  visibility 
into  how  others  are  working.  Companies  tell  us 
they’re  seeing  breakthroughs  in  communications 
between  teams. 


What  trends  do  you  see  in  the  usage  of  open 
source  software  in  the  enterprise  market? 

People have historically used open source software
without bothering to tell their bosses. And
they’ve historically used it in places where it is
invisible: for mail servers, DNS servers and Web
servers. That has started to shift. The next phase will
be using open source for application servers. Enterprises
are getting comfortable now that this stuff
is production quality, at least some of it is.

Why  is  there  a  growing  interest  from  corpo¬ 
rate  users  in  open  source? 

It starts with the cost. That’s the thing that makes
it easy to justify. The perception of greater security
and greater flexibility is there, too. Flexibility is
important. For every dollar an enterprise has to
spend on licensing, they have to spend another
five on consulting. They’re already used to spending
money on customizing software. With open
source, they get a chance to more actively participate
in the development.

What  do  you  see  as  the  biggest  challenges  to 
broader  adoption  of  open  source  software  in 
the  enterprise? 

Open source software has different levels of maturity.
You can look at the Web server and say it’s pretty
stable. You look at SugarCRM, and it has a couple
thousand users. As an IT customer, being able to
ascertain the maturity of an open source community
is a challenge, as is knowing how to weigh
the risks of using an open source package
vs. the cost.

You need to assess how mature is this project.
You also need more visibility into how
active that project is. You need to know: Did
they just solve this problem using an ad hoc
check and two people wrote the code? Or is
it a corporate standard that is on Version 4.0
and is heavily peer reviewed? The difference
between these two [scenarios] is huge.

What predictions do you feel comfortable
making about the future of the
enterprise software market over the
next five years?

More organizations can and should give
Linux desktops a consideration for their
low-demand applications like point-of-sale,
customer support and data entry. We’ll see
that faster than most people are predicting.

Open Source Java is going to be a big story
over the next two or three years. And you’ll
continue to see a dramatic shift away from
software vendors who perpetuate selling expensive
licenses and consulting toward organizations
like SugarCRM or SpikeSource,
which provides testing, certification and
support services to enterprises rolling out
open source software.

Does  it  ever  get  frustrating  for  you  to 
see  Linus  Torvalds  get  all  the  attention 
when  it  comes  to  open  source  issues? 

No. If anything, he deserves more attention.
He deserves every ounce of the credit
that he gets.

I’d like to see more people share the limelight.
There are lots of talented people in the
open source community that are into it for
the intellectual challenge and make a big
difference. [Laughing] I’d be glad to wear a
‘No. 2’ T-shirt around.

You’re the chief technology guru for
the Burning Man festival. How does
that artistic, survivalist event in the
Nevada desert relate to your work in
the open source movement?

Burning Man is all about artwork built by
a collective, and open source is all about
software built by a collective. They’re both
activities built by groups of people, where
the results are always better than the sum of
the parts. The coordination is more ad hoc,
and they’re less structured from above.
That’s the common thread in a lot of my
interests. My premise is that bottom-up
architectures and bottom-up organizations
can be successful.

There’s a huge wave in software engineering
to add a degree of rigor and science.
That dogmatic approach is great in theory,
but sometimes I worry that it leads to a false
sense of security. There’s a better way.

Open source represents a reaction to that
with its bottom-up approach. The model of a
mutual fund manager acting as a filter and
a manager of the chaos may be a good one.
Go online to see what Behlendorf had to say about Apache and
the evolution of the open source industry.
Do you have any good Bill Gates stories?
Sightings? Secret lunches? That
sort of thing.

[Laughing]. No. The only one that I really
like is in an article in 1987 when Gates was
asked if he feared Netscape. He said, ‘No I
don’t fear Netscape. I fear Apache.’ That tickled
me pink.

You’ve  accomplished  so  much  in  the 
last  decade.  What  are  you  going  to  do 
for  an  encore? 

[Laughing] I have no idea. I’m fully engaged
in what I’m doing at CollabNet. I feel
I’m having as big of an impact there as with
Apache. I get a front row seat to see how
[open source] plays out. From the Defense
Department to Sun and Intel to financial
services companies, I get to see what works
and doesn’t work. All of the things I fought
for in the abstract, I have to fight for in the
concrete.

It’s exhilarating at times. I’m having a lot of
fun. Burning Man or throwing parties with
300 other freaks is a good way to keep balance
in my life. ■




30  •  www.networkworld.com  •  7.4.05 




BRANCHING  OUT: 

Comfortable  with  Linux,  organizations 
look  for  new  open  source  tools 


BY  PHIL  HOCHMUTH 

The lure of open source software is tempting — tales of enormous
cost savings, freedom from vendor control and proprietary technologies,
plus the broad resource of a community of volunteer programmers
eager to help.


But  every  reward  has  its  risks. 

Ask AutoZone; the regional auto parts dealer
made the switch to Linux in all of its stores as a
point-of-sale system in 2000, displacing SCO OpenServer.
The SCO Group, which has brought a widely
publicized lawsuit against IBM, claiming it infringed
on Unix patents by promoting Linux,
turned around and sued its own customer.

“IBM approached Autozone in an effort to
induce Autozone to breach its agreement with
SCO,” the Unix vendor said in court papers. “IBM
was actively advising Autozone’s internal software
group about converting to Linux . . . Despite the
Autozone OpenServer License Agreement with
SCO . . . IBM finally successfully induced Autozone
to cease using the SCO software and to use Linux
with IBM’s version of Unix. Autozone ultimately
decided not to pay SCO the annual fee to continue
to maintain the SCO products and . . . with the
encouragement of IBM, began the efforts required
for conversion to Linux. . .”

In  July  a  Nevada  court  issued  a  stay,  pending  the 
outcome  of  the  SCO  vs.  IBM  case  as  well  as  SCO  suits 
against  Red  Hat  and  Novell.  Observers  of  the  case 
say  any  penalties  against  Autozone  are  unlikely  to 
ever  come  about  because  the  IBM/Red  Hat/Novell 
cases  could  be  tied  up  for  years.  But  until  the  case 
is  resolved,  Autozone  remains  mired  in  this  legal 
morass.  (Read  a  related  story  on  patent  issues  at 
www.networkworld.com,  DocFinder:  7829.) 

Technical  concerns 

Some large enterprise users running Linux in the
data center say that while the legal issues are real
when using open source software, other risks, particularly
around product support, are even more
important to consider.

“There can be technical risks,” in deploying open
source software, says Joshua Levine, CTO and
operations officer at E*Trade Financial in New
York. His firm moved off of a Sun Solaris Web platform
to Linux four years ago, and saved around
$200,000 per server on hardware and software
costs. Levine says there were great concerns as to
whether a Linux switch would support the firm’s
trading applications.

“There were risks that we wouldn’t be able to
support the business on the new platforms, and
that applications won’t port over,” he says. But
thanks to Y2K, many large companies, such as
E*Trade, were able to obtain source code for their
applications. This and the similarities between
Unix and Linux made porting a non-issue.

Autozone  caught  in 
the  crossfire 

SCO  moves  from  Linux  to  litigiousness. 

1995  Novell  sells  UnixWare  to  SCO. 

2001  Linux  distributor  Caldera  merges  with  SCO. 

2003  SCO  sues  IBM  charging  that  IBM  took  Unix  intellectual 
property  owned  by  SCO  and  used  it  in  Linux. 

SCO  sends  letter  to  1,500  Linux  users  threatening 
them  with  legal  action. 

2004  SCO  sues  Autozone  and  DaimlerChrysler. 

Judge  agrees  to  delay  Autozone  case. 

Judge  dismisses  DaimlerChrysler  case. 

“When the cost savings or production increases
are compelling enough, it’s easy to sell the ideas of
open source to a business,” Levine says. “In reality,
the risk wasn’t not there.”

At Cendant Travel Distribution Services, there
were concerns about performance and uptime
when the New York company took mainframe-based
software that had been ported to Unix and
tried to move it to a Linux platform. Reworking the
code a third time was a risky proposition, says
Robert Wiseman, CTO at the firm, which does
back-end airfare calculations for Orbitz.com and
United Airlines.

“Risk of downtime was a concern when we
moved to open source,” Wiseman says. “You can
say a platform is faster and cheaper, but if your
servers aren’t up, no one really cares about the
cost savings.”

This idea is something that vendors competing
for Cendant’s business used to try to dissuade the
move to open source. “Vendors who tried to steer
us away from open source would come in and try
to scare our executives by calling [open source
software] freeware,” Wiseman says.

It took several months of testing the firm’s applications
on dual-processor Intel servers, and showing
that the software ran faster on Linux/Intel than
on either the previous mainframe or Unix boxes
before executives were won over.

Support  questions 

The issues of legal risk also are on the minds of
users interested in open source. Lawyers at Citigroup
did not take this lightly when the firm was
looking to put instances of Linux servers on its
mainframe, as a way to consolidate servers without
buying new hardware.

“One challenge was understanding how open
source can be supported,” says Aaron Graves, vice
president of technology at Citigroup in New York.
“It took us a while to figure that out to the point
where executives and the legal department were
satisfied.”

Some issues that had to be clarified were around
responsibility. SuSE made the Linux software and
IBM made the hardware, so whose responsibility it
was to ensure the operating system ran smoothly
on the mainframe processors needed to be
spelled out.

“We were stalled for months on legal issues,” Graves
says, “trying to understand what a support contract
for open source means vs. a traditional software support
contract; it was really a different model.”

The fact that two credible vendors were behind
the technology, and had mutual support agreements,
helped the company get over this hurdle.
“We had to convey that there was real vendor
backing behind this, and that we weren’t just messing
around with raw source code someone downloaded
from the Internet.”

As for the potential risks of lawsuits around
Linux, many see this as becoming more of a non-issue
as the SCO/IBM case languishes in court.

“Lawsuit risk around open source became popular
for a while,” E*Trade’s Levine says. “And while it is
still ongoing, it’s now to the point where it’s not high
on our legal department’s radar at this point.” ■
NetScaler boosts app acceleration gear


NetScaler says a software upgrade to its switch


BY  PHIL  HOCHMUTH 

NetScaler recently upgraded its
traffic acceleration device to further
speed application response
times and reduce WAN bandwidth
consumption.

AppCompress Extreme is a software
upgrade for the NetScaler
9000 series of data center appliances.
NetScaler says users can
make some applications run 44
times faster over a WAN connection
when deploying AppCompress
Extreme. This is done
through a mix of HTTP compression,
caching, server load balancing
and terminating TCP/IP connections
on the NetScaler box instead
of servers. The NetScaler
hardware is a mix of Intel-based
network appliance, which runs
the AppCompress Extreme software,
and a Layer 4-7 switch, offering
a range of 10/100/1000M
bit/sec ports.


Alfa Mutual Insurance,
an auto, health and property
insurance company
in Alabama, uses the current
version of NetScaler’s
compression
technology to speed up
PeopleSoft and other internally
developed Web applications.
Compression and traffic acceleration
are important because most
of the company’s agents are located
in 400 branch offices, connected
to the data center via 128K
bit/sec pipes.

“The compression ratios with
the current NetScaler product
were pretty eye-opening when we
first installed the technology,” says
Buddy Mesaris, Unix and Windows
systems manager at Alfa
Mutual Insurance. Network bandwidth
consumption on the company’s
key applications dropped
by around 60% to 70% when the
NetScaler box was installed, he
adds. “This lets us put out more
applications without upgrades to
the WAN.”

Mesaris says the company plans
to extend access to more PeopleSoft
modules to branch offices
with the extra bandwidth.

Another aspect of the NetScaler
technology that appeals to
Mesaris is that all the equipment
is deployed in the company’s data
center, as opposed to putting compression/acceleration
hardware
in branch offices, or adding this
technology to hundreds of remote
routers.

The NetScaler technology works
by compressing data at the
server end, using the Gzip
compression algorithm. On
the client side, a Java applet
or an Active-X agent is downloaded
on an end user’s Web
browser, which performs the
unpacking of compressed data at
the desktop.

Another new feature in AppCompress
Extreme is the ability to
compress both download and
upload application traffic. According
to NetScaler, this will speed
up response times of database
applications and other software
programs where data is frequently
pulled from and pushed back to
servers.

The product release from NetScaler
is the first launch since
Citrix acquired the company last
month for $300 million. More businesses
are finding value in application
compression/acceleration
gear as they re-architect their data
centers, analysts say. This has transformed
the Layer 4-7/acceleration
market from a scrum of small
start-ups into a big-business battle.

“The focus on this product category
has really elevated through a
series of recent high-profile acquisitions,”
says Peter Christy, an analyst
with the Internet Research
Group.

Before Citrix’ NetScaler buyout,
Juniper bought two key NetScaler
rivals — Peribit and RedLine
Networks. Cisco’s purchase of acceleration
vendor FineGround in
May, as well as its recent data center-focused
Application Oriented
Networking product launch, are
also putting focus on software acceleration
as a part of a network.

NetScaler’s AppCompress Extreme
software can be added to
the company’s switches for
$10,000. ■
BACKSPIN

Mark Gibbs

Open source has to ‘wear a tie’

I recently emceed a Webcast titled “Sustaining Open
Source Benefits” (see www.networkworld.com,
DocFinder: 7828). The interviewees were Ernest
Prabhakar, Apple’s Darwin product manager on the Mac
OS X team who is responsible for open source, Unix marketing
and Xgrid; and Peter Burris, president and chief
research officer at Appergy, an early-stage IT services firm.

It was an interesting discussion that explored how to
sustain the benefits of open source as options continue to
multiply. To put that another way, the range of open source
software is climbing up the stack from systems level to
full-fledged business-critical applications, as discussed
elsewhere in this issue’s Open Source special section. The
issues of standards, integration and management are profoundly
affected by the scale and manner of adoption.

The trade-off that companies face: potentially fantastic
bang for the buck vs. risks that lie in how corporate IT
adopts and uses open source. Adopters of open source
systems must establish practices that discourage “bad”
open source behaviors while actively encouraging “good”
open source behaviors.

Bad behaviors in the world of application-level open
source software include ignoring standards and integration
issues. Good behavior is about being, and staying,
involved in the public process of development. Corporations
that adopt open source applications should participate
in the code’s evolution and in the open source community
in general. It is all about recognizing common purpose
— companies have to recognize and act on the
opportunity that open source applications offer and
address the bigger picture. Ultimately their investment of
time and effort will have a far greater return than if they
just took and didn’t give anything back.

There is a call from corporate IT for the open source
community to step up to this demand. As Prabhakar said
in the Webcast: “Suddenly open source is realizing it can’t
just stay out all night partying with its friends. It has to get
up in the morning and wear a tie.”

Prabhakar  also  pointed  out  that  corporate  IT  has  a 
responsibility.  For  companies  to  use  open  source  software 
they  have  to  understand  “the  business  problem  [they  are] 
trying  to  solve  and  which  pieces  of  the  stack  are  most 
important,”  he  says. 

One  comment  I  found  profound  was  that  to  sustain  the 
benefits  of  open  source  the  whole  philosophy  of  open 
source  will  have  to  mature  and  the  way  corporations 
think  about  the  software  they  use  will  have  to  mature. 

Now how could we claim that today’s corporate IT view
of software is immature? An analogy might be going to
your doctor with a headache and being told you need to
take this drug and you say thanks and off you go, never
asking the doctor what he thinks you have or if the
medication has any side effects!

Isn’t that how we consume packaged, proprietary software?
But if we take charge, and develop the skills to manage
the problems and understand how to fix them if we
have to, we have a real edge. Would that cost more or less
than you currently spend on buggy proprietary software
and failed implementations?

Moreover, can we give up that idea of first mover advantage
— the rarely proven hope that the early adopter of a
novel solution gains market advantage? I have seen little
evidence that novel technology really gives long- or even
medium-term advantage, and in the world of enterprise
business, short-term advantage has no strategic value
(though the bragging rights can make for good internal
political benefit when presented to the uninformed).

Open source eventually will transform how we do business.
The benefits and advantage will go to those who are
mature enough to understand the opportunity and
embrace it.

Open your sources to backspin@gibbs.com and see
Gearblog (www.networkworld.com/weblogs/gearblog)
for this week’s links.
Wisdom  9,  Grokster  0

How  do  most  of  us  differentiate  between  Supreme 
Court  decisions  that  are  wise  and  those  that  are  dumb? 

Easy  enough:  The  ones  we  agree  with  are  wise;  the
others  are  dumb. 

So having argued for years that the original Napster
and now its evil spawn are nothing but music chop shops masquerading as legitimate
businesses, it will surprise no one that I see only wisdom in last week's Grokster
decision. (But don't get me started on the Supreme Court's eminent domain
ruling, a dumb one that sullies every principle of freedom on this Independence
Day.)

That  the  court  in  the  Grokster  case  sided  with  the  intellectual  property  owners  is 
no  surprise.  That  all  nine  justices  did  so  is  shocking  in  the  sense  that  this  court
would  likely  split  5-4  when  ruling  that  today  is  Monday. 

(As  a  matter  of  fact,  5-4  was  the  tally  in  that  eminent  domain  decision  —  you  know, 
the  one  where  Jessica  Simpson  apparently  wrote  the  majority  opinion.  Arrrgh  . . .  you 
got  me  started.) 

Much  wailing  had  been  rendered  before  last  week’s  Grokster  ruling  to  the  effect 
that  a  decision  against  the  maker  of  file-stealing  software  might  scuttle  the  court’s 
landmark  1984  Universal  City  Studios  vs.  Sony  ruling,  which  would  in  turn  mean  the 
end  of  technological  innovation  ...  if  not  civilization. 

In that case the court ruled that even though Sony’s Betamax could be used to
filch copyrighted material, the technology was “capable of substantial non-infringing
uses” — and that protected it from lawsuits ... if not VHS.

Preserving  that  protective  shield  was  paramount,  many  argued,  even  if  it  meant 
turning  a  blind  eye  to  the  rampant  theft  of  intellectual  property  being  fostered  by  the 
less-scrupulous  peer-to-peer  companies.  Without  Betamax,  no  Tivo,  no  iPod,  no
soft-serve  ice  cream. 

Fears  of  a  full-speed  reversal  of  Betamax  proved  unfounded,  however. 

In a nutshell, the nine justices told tomorrow’s inventors and entrepreneurs to chill
out: Innovate to your heart’s content, but if you're foolish enough to build a business
on a foundation of someone else's intellectual property — without paying for that
privilege — don't look to us for protection against the inevitable lawsuits.

(Why  five  of  those  same  justices  in  the  eminent  domain  case  saw  no  wrong  in  a 
government  entity  taking  physical  property  —  homes  —  as  a  foundation  for  building 
condos  and  shopping  centers  is  beyond  me  . . .  OK,  I’ll  stick  to  Grokster  from  here 
on  out.) 

In  Grokster,  the  court  quite  sensibly  zeroed  in  on  what  has  always  been  the  crux  of 
the  matter  —  illegal  business  practices  —  and  not  technology  itself.  Non-infringing
uses  are  all  well  and  good,  they  said,  but  such  capabilities  offer  no  defense  against 
lawsuits  if  accompanied  by  a  business  model  and  marketing  that  don’t  pass  the  duck 
test.  (They  didn’t  actually  cite  the  duck  test,  but  that’s  what  they  meant.) 

Tying Grokster to the coattails of Betamax always struck me as a stretch. The Sony
case predated the World Wide Web, of course. If Sony’s Betamax had enabled users to
“share” their recordings with tens of thousands of their closest friends — as Grokster
and its ilk do loudly and proudly — and if Sony had built its business plan and marketing
around exploiting such “sharing,” you can speculate with a fair measure of confidence
that the Supreme Court circa 1984 would have ruled differently.

(OK, I lied: If Supreme Court Justice David Souter, who actually wrote the eminent
domain decision, had known that someone would propose a public taking of his
house to build a hotel — as happened last week — perhaps he might have ruled
differently, too.)

Could  the  Grokster  decision  lead  to  yet  more  lawsuits? 

Maybe.  But  that’s  a  reason  to  send  your  kids  to  law  school,  not  to  believe  the  court 
got  it  wrong. 

The  1984  Betamax  decision  was  as  much  a  nod  to  the  inherent  limitations  of  that 
era's  recording  and  distribution  technologies  as  an  attempt  to  protect  innovation.  The
VCR  never  posed  any  threat  similar  to  what  intellectual  property  owners  face  today. 

Last  week  the  court  did  little  more  than  acknowledge  what  we  already  knew:  The
Internet  changes  everything. 

Dissenters  always  welcome  here.  The  address  is  buzz@nww.com. 